Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1002
Views
1
Helpful
7
Replies

ASA 5515-X Active/Standby Failover Reset

Go to solution
Avero
Level 1
Level 1

‎11-27-2023 09:32 AM

Hopefully a easy issue to resolve. I have two Cisco ASA 5515-X in an Active/Standby failover configuration. For one reason or another we started to get weird network issues which included Dynamic Routing going in and out. All of the issues went away when I powered down one of the ASAs.

I currently have one of the ASAs totally disconnected from the network and powered on while the other is fully connected onto the network and powered on. After some troubleshooting, it looks like the Failover configuration is the culprit. Both ASAs see themselves as the Primary Failover Unit. What is the best practice to get this Active/Standby units working correctly again?

Do I just need to set one of the ASA back as Secondary Failover Unit, then just connect it back onto the network? Or should I connect the LAN and State Failover ports first and perform a Failover Reset?

The LAN Failover, State Failover, and Gigabit Ethernet ports are still connected correctly for each ASA.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Avero
Level 1
Level 1

‎11-27-2023 02:07 PM

Issue has been resolved.
I changed the second ASA back from Primary Failover Unit to Secondary Failover Unit via CLI. I then connected the FOlink interface only. I saw that the two ASAs were behaving now and not fighting over for the active role, but the Secondary failover status was failing. I reconnected the remaining Inside/Outside interfaces and performed a reset failover. The Secondary status is now Standby Ready.

I do appreciate both Balaji and MHM Cisco World for your time.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-27-2023 09:37 AM

Make sure active unit working as expected.

Connect Only sync Link and see is the replicated with mate successfully ?

if not i would reset the ASA standby unit and fresh config and join the Active unit sync with mate completly then connect inside and outside interface and test it.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Avero
Level 1
Level 1
In response to balaji.bandi

‎11-27-2023 09:51 AM

Hi, Balaji.
Thank you for the reply. To confirm your instructions, I should not do any configuration changes to either ASA and just connect the two together via the LAN Failover (FOlink) interfaces to see if they pair successfully, correct?
If they do not pair successfully, Factory Reset the standby unit and reconfigure.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Avero

‎11-27-2023 12:18 PM

ASA and just connect the two together via the LAN Failover (FOlink) interfaces to see if they pair successfully, correct?  - YES no other link also post if you see any logs what reason failing.

If they do not pair successfully, Factory Reset the standby unit and reconfigure.  - yes correct quick fix (make sure no changes done - only required basic config on standby unit to pair with Active)

Note : side note to be safe side take config backup out of the box.

simle as i have done the steps :

https://www.balajibandi.com/?p=244

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
MHM Cisco World
VIP
VIP

‎11-27-2023 10:16 AM

Can you share the asa config?

0 Helpful

Go to solution
Avero
Level 1
Level 1

‎11-27-2023 02:07 PM

Issue has been resolved.
I changed the second ASA back from Primary Failover Unit to Secondary Failover Unit via CLI. I then connected the FOlink interface only. I saw that the two ASAs were behaving now and not fighting over for the active role, but the Secondary failover status was failing. I reconnected the remaining Inside/Outside interfaces and performed a reset failover. The Secondary status is now Standby Ready.

I do appreciate both Balaji and MHM Cisco World for your time.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Avero

‎11-27-2023 02:10 PM

You are welcome 

Have a nice day 

MHM

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Avero

‎11-28-2023 08:25 AM

No worry, that is easiest way to troubleshoot connecting only Sync Link that not going to take over the role.

Glad our suggestion helped to resolve the issue, thank you for the feedback.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card