Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1298
Views
0
Helpful
3
Replies

ASA 5515 Alerting

IamDaMayor
Level 1
Level 1

‎02-16-2019 12:33 PM - edited ‎02-21-2020 08:49 AM

The ASA keeps alerting on our monitoring tool as being 'down'. These outages are lasting a few seconds. In every instance the ASA does not failover to the standby unit. It is the inside interface which is alerting

 

------------------ show failover ------------------ 

 

Failover On
Failover unit Primary
Failover LAN Interface: LAN-Failover GigabitEthernet0/3 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 5 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 114 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.9(2), Mate 9.9(2)
Serial Number: Ours FCH18287DKT, Mate FCH1827K9UB
<--- More ---> Last Failover at: 09:50:01 GMT/BDT Aug 11 2018
This host: Primary - Active
Active time: 16368765 (sec)
slot 0: ASA5515 hw/sw rev (1.0/9.9(2)) status (Up Sys)
Interface Inside (172.18.246.65): Normal (Monitored)
Interface Outside (195.212.12.120): Link Down (Shutdown)
Interface OSMO (172.28.48.254): Normal (Monitored)
Interface dmz8 (10.200.8.254): Normal (Not-Monitored)
Interface dmz16 (10.200.16.254): Normal (Monitored)
Interface dmz18 (10.200.18.254): Normal (Monitored)
Interface dmz7 (10.200.9.4): Normal (Not-Monitored)
Interface Swift (192.168.254.247): Normal (Not-Monitored)
Interface management (172.18.248.48): Normal (Not-Monitored)
slot 1: CXSC5515 hw/sw rev (N/A/) status (Unresponsive/Up)
slot 1: CXSC5515 hw/sw rev (N/A/) status (Unresponsive/Up)
Other host: Secondary - Standby Ready
Active time: 1465 (sec)
slot 0: ASA5515 hw/sw rev (1.0/9.9(2)) status (Up Sys)
Interface Inside (172.18.246.66): Normal (Monitored)
Interface Outside (0.0.0.0): Link Down (Shutdown)
Interface OSMO (172.28.48.253): Normal (Monitored)
Interface dmz8 (10.200.8.253): Normal (Not-Monitored)
Interface dmz16 (10.200.16.253): Normal (Monitored)
Interface dmz18 (10.200.18.253): Normal (Monitored)
<--- More ---> Interface dmz7 (10.200.9.3): Normal (Not-Monitored)
Interface Swift (0.0.0.0): Normal (Not-Monitored)
Interface management (172.18.248.49): Normal (Not-Monitored)
slot 1: CXSC5515 hw/sw rev (N/A/) status (Unresponsive/Up)
slot 1: CXSC5515 hw/sw rev (N/A/) status (Unresponsive/Up)

Stateful Failover Logical Update Statistics
Link : LAN-Failover GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 9742817118 0 466866691 76
sys cmd 2752572 0 2752572 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 7017560078 0 281822528 30
UDP conn 2604703682 0 172054460 3
ARP tbl 51674329 0 3116983 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
<--- More ---> VPN DHCP upd 0 0 0 0
SIP Session 33322000 0 3844082 0
SIP Tx 19503658 0 1727644 0
SIP Pinhole 13297744 0 1548236 4
Route Session 731 0 0 39
Router ID 0 0 0 0
User-Identity 2324 0 186 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 25 460528666
Xmit Q: 0 11 9688347446

------------------ show failover history ------------------

==========================================================================
From State To State Reason
==========================================================================
22:05:29 GMT/BDT Jun 22 2018
<--- More ---> Not Detected Negotiation No Error

22:05:32 GMT/BDT Jun 22 2018
Negotiation Cold Standby Detected an Active mate

22:05:33 GMT/BDT Jun 22 2018
Cold Standby Sync Config Detected an Active mate

22:05:54 GMT/BDT Jun 22 2018
Sync Config Sync File System Detected an Active mate

22:05:54 GMT/BDT Jun 22 2018
Sync File System Bulk Sync Detected an Active mate

22:06:10 GMT/BDT Jun 22 2018
Bulk Sync Standby Ready Detected an Active mate

16:58:56 GMT/BDT Jul 7 2018
Standby Ready Just Active Set by the config command

16:58:56 GMT/BDT Jul 7 2018
Just Active Active Drain Set by the config command

16:58:56 GMT/BDT Jul 7 2018
<--- More ---> Active Drain Active Applying Config Set by the config command

16:58:56 GMT/BDT Jul 7 2018
Active Applying Config Active Config Applied Set by the config command

16:58:56 GMT/BDT Jul 7 2018
Active Config Applied Active Set by the config command

09:25:36 GMT/BDT Aug 11 2018
Active Failed Interface check
This host:1
single_vf: Inside
Other host:0

09:46:43 GMT/BDT Aug 11 2018
Failed Standby Ready Interface check
This host:0
Other host:0

09:50:01 GMT/BDT Aug 11 2018
Standby Ready Just Active Other unit wants me Active

09:50:01 GMT/BDT Aug 11 2018
Just Active Active Drain Other unit wants me Active
<--- More ---> 09:50:01 GMT/BDT Aug 11 2018
Active Drain Active Applying Config Other unit wants me Active

09:50:01 GMT/BDT Aug 11 2018
Active Applying Config Active Config Applied Other unit wants me Active

09:50:01 GMT/BDT Aug 11 2018
Active Config Applied Active Other unit wants me Active

==========================================================================

------------------ show failover history details ------------------

===========================PEER-HISTORY===================================
From State To State Reason
===========================PEER-HISTORY===================================
===========================PEER-HISTORY===================================

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎02-16-2019 02:02 PM

Can you post :

 

show run failover 

sh run all monitor-interface 

sh failover interface - output from both units.

 

Check Failover link - Cables, make sure there are intact.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

IamDaMayor
Level 1
Level 1
In response to balaji.bandi

‎02-17-2019 10:20 AM

# sh failover interface
interface LAN-Failover GigabitEthernet0/3
System IP Address: 10.1.0.1 255.255.255.0
My IP Address : 10.1.0.2
Other IP Address : 10.1.0.1

 

# sh run failover
failover
failover lan unit primary
failover lan interface LAN-Failover GigabitEthernet0/3
failover polltime unit 5 holdtime 15
failover key *****
failover link LAN-Failover GigabitEthernet0/3
failover interface ip LAN-Failover 10.1.0.1 255.255.255.0 standby 10.1.0.2

Redditch-ASA# sh run all monitor-interface
monitor-interface Inside
monitor-interface Outside
monitor-interface OSMO
no monitor-interface dmz8
monitor-interface dmz16
monitor-interface dmz18
no monitor-interface dmz7
no monitor-interface Swift
no monitor-interface management
monitor-interface service-module

Redditch-ASA# sh failover inter
interface LAN-Failover GigabitEthernet0/3
System IP Address: 10.1.0.1 255.255.255.0
My IP Address : 10.1.0.1
Other IP Address : 10.1.0.2

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎02-17-2019 05:08 AM

How is the monitoring tool connected to ASA. It might be the interconnect
network.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card