11-27-2023 09:32 AM
Hopefully an easy issue to resolve. I have two Cisco ASA 5515-X in an Active/Standby failover configuration. For one reason or another we started to get weird network issues which included Dynamic Routing going in and out. All of the issues went away when I powered down one of the ASAs.
I currently have one of the ASAs totally disconnected from the network and powered on while the other is fully connected onto the network and powered on. After some troubleshooting, it looks like the Failover configuration is the culprit. Both ASAs see themselves as the Primary Failover Unit. What is the best practice to get these Active/Standby units working correctly again?
Do I just need to set one of the ASAs back as Secondary Failover Unit, then just connect it back onto the network? Or should I connect the LAN and State Failover ports first and perform a Failover Reset?
The LAN Failover, State Failover, and Gigabit Ethernet ports are still connected correctly for each ASA.
11-27-2023 09:37 AM
Make sure the active unit is working as expected.
Connect only the sync link and see whether it replicated with the mate successfully.
If not, I would reset the ASA standby unit, apply a fresh config, join it to the Active unit, sync with the mate completely, then connect the inside and outside interfaces and test it.
11-27-2023 09:51 AM
Hi, Balaji.
Thank you for the reply. To confirm your instructions, I should not do any configuration changes to either ASA and just connect the two together via the LAN Failover (FOlink) interfaces to see if they pair successfully, correct?
If they do not pair successfully, Factory Reset the standby unit and reconfigure.
11-27-2023 12:18 PM
ASA and just connect the two together via the LAN Failover (FOlink) interfaces to see if they pair successfully, correct? - YES, no other link. Also post any logs you see with the reason for failing.
If they do not pair successfully, Factory Reset the standby unit and reconfigure. - Yes, correct, quick fix (make sure no changes are done; only the required basic config on the standby unit to pair with the Active).
Note: as a side note, to be on the safe side, take a config backup out of the box.
Simple, as I have done the steps:
11-27-2023 10:16 AM
Can you share the asa config?
11-27-2023 02:07 PM
Issue has been resolved.
I changed the second ASA back from Primary Failover Unit to Secondary Failover Unit via CLI. I then connected the FOlink interface only. I saw that the two ASAs were behaving now and not fighting over the active role, but the Secondary failover status was failing. I reconnected the remaining Inside/Outside interfaces and performed a reset failover. The Secondary status is now Standby Ready.
I do appreciate both Balaji and MHM Cisco World for your time.
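The condition described in this thread (both units configured as Primary and both claiming the active role) can be checked by comparing `show failover` output captured on each unit. The script below is an added example, not part of the original thread or any Cisco tooling; the sample outputs are constructed, and the line layout the patterns expect is an assumption to adjust for your software release.

```python
import re

# Constructed excerpts modelled on the general shape of ASA "show failover"
# output. The exact field layout is an assumption; adapt the patterns as needed.
UNIT_A = """\
Failover On
Failover unit Primary
        This host: Primary - Active
        Other host: Secondary - Failed
"""
UNIT_B_BAD = """\
Failover On
Failover unit Primary
        This host: Primary - Active
        Other host: Secondary - Failed
"""
UNIT_B_FIXED = """\
Failover On
Failover unit Secondary
        This host: Secondary - Standby Ready
        Other host: Primary - Active
"""

UNIT_RE = re.compile(r"^Failover unit (Primary|Secondary)\s*$", re.M)
THIS_RE = re.compile(r"^\s*This host:\s*(?:Primary|Secondary)\s*-\s*(.+?)\s*$", re.M)

def parse_failover(text):
    """Return the configured unit role and the state this host reports."""
    unit, this = UNIT_RE.search(text), THIS_RE.search(text)
    if unit is None or this is None:
        raise ValueError("not recognisable failover output")
    return {"unit": unit.group(1), "state": this.group(1)}

def check_pair(out_a, out_b):
    """Compare output captured on each unit and list the conflicts found."""
    a, b = parse_failover(out_a), parse_failover(out_b)
    problems = []
    if a["unit"] == b["unit"]:
        problems.append(f"both units configured as {a['unit']}")
    if a["state"] == "Active" and b["state"] == "Active":
        problems.append("both units report Active")
    if "Failed" in (a["state"], b["state"]):
        problems.append("a unit reports Failed")
    return problems

if __name__ == "__main__":
    print(check_pair(UNIT_A, UNIT_B_BAD))    # conflict before the fix
    print(check_pair(UNIT_A, UNIT_B_FIXED))  # clean pair after the fix
```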
11-27-2023 02:10 PM
You are welcome
Have a nice day
MHM
11-28-2023 08:25 AM
No worries, that is the easiest way to troubleshoot: connecting only the sync link, which is not going to take over the role.
Glad our suggestion helped to resolve the issue, thank you for the feedback.