11-29-2017 06:54 AM - edited 02-21-2020 06:52 AM
Hi,
I have an ASA 5520 firewall as the border of our network to one of our clients.
Recently, the outside interface of the secondary unit keeps testing and keeps passing. I got the email from the firewall a few times a day. There is no obvious network drop, as no one has complained and it's a secondary unit as well.
Below are the emails I got from the firewall every day:
%ASA-1-105008: (Secondary) Testing Interface outside
%ASA-1-105005: (Secondary) Lost Failover communications with mate on interface outside
%ASA-1-105009: (Secondary) Testing on interface outside Passed
I would like to troubleshoot and see why it's happening, but I don't know where to start.
I checked the cabling and failover status and all is good.
Thank you.
11-29-2017 02:21 PM
Are the interface counters clean? Are the duplex settings set correctly? Are there any log-messages on the outside-switch?
12-06-2017 07:32 AM
Hi,
The interface counters are clean, there are no log messages saying there is an issue, and the duplex settings are all full.
12-01-2017 07:10 PM
Hi,
Can you post the show run failover and show failover output?
Try removing HTTP replication if it's being used.
no failover replication http
12-06-2017 07:26 AM
Hi
The following are the sho run failover and show failover results. Why do we need to disable the http replication?
sh run failover
failover
failover lan unit primary
failover lan interface fo-link GigabitEthernet0/3
failover replication http
failover link fo-link GigabitEthernet0/3
failover interface ip fo-link x.x.x.x 255.255.255.252 standby x.x.x.y
sh failover
Failover On
Failover unit Primary
Failover LAN Interface: fo-link GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 160 maximum
failover replication http
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 17:25:07 EDT Mar 30 2017
This host: Primary - Active
Active time: 21625335 (sec)
slot 0: ASA5520 hw/sw rev (1.1/8.2(5)) status (Up Sys)
Interface xxx (x.x.x.x): Normal
Interface yyy (x.x.x.x): Normal
Interface zzz (x.x.x.x): Normal
Interface aaa (x.x.x.x): Normal (Not-Monitored)
Interface bbb (x.x.x.x): Normal
Interface ccc (x.x.x.x): Normal
slot 1: empty
Other host: Secondary - Standby Ready
Active time: 6118 (sec)
slot 0: ASA5520 hw/sw rev (1.1/8.2(5)) status (Up Sys)
Interface xxx (x.x.x.x): Normal
Interface yyy (x.x.x.x): Normal
Interface zzz (x.x.x.x2): Normal
Interface aaa (x.x.x.x): Normal (Not-Monitored)
Interface bbb (x.x.x.x): Normal
Interface ccc (x.x.x.x): Normal
slot 1: empty
Stateful Failover Logical Update Statistics
        Link : fo-link GigabitEthernet0/3 (up)
        Stateful Obj    xmit        xerr   rcv       rerr
        General         1887991115  0      2882776   0
        sys cmd         2882796     0      2882776   0
        up time         0           0      0         0
        RPC services    0           0      0         0
        TCP conn        1446887935  0      0         0
        UDP conn        387137788   0      0         0
        ARP tbl         51082596    0      0         0
        Xlate_Timeout   0           0      0         0
        IPv6 ND tbl     0           0      0         0
        VPN IKE upd     0           0      0         0
        VPN IPSEC upd   0           0      0         0
        VPN CTCP upd    0           0      0         0
        VPN SDI upd     0           0      0         0
        VPN DHCP upd    0           0      0         0
        SIP Session     0           0      0         0
        Logical Update Queue Information
                        Cur   Max   Total
        Recv Q:         0     4     2882776
        Xmit Q:         0     27    1909611057
01-29-2018 06:35 AM
Guys,
I have a similar problem on my 5510s (ASA Version 9.1(7)16).
The difference is that my ASAs are in transparent mode and have 3 BVIs.
On the Primary ASA two of the BVI interfaces are Normal (Monitored) but one of them is constantly being tested and Passed.
On the Standby all interfaces look OK - Normal (Monitored).
These error messages (%ASA-1-105008; %ASA-1-105009) are only appearing when I'm running on the Primary Active. Once I fail them over to Secondary, all interfaces are being shown Normal (Monitored). I'm NOT getting the %ASA-1-105005, but the ASAs are logging this error as Critical (file attached).
Can anyone advise, please?
02-23-2018 11:27 AM
Hi,
Why do we need to remove failover replication http?
05-30-2018 04:21 AM
Hi everyone,
It looks like we have got stuck with this.
Can someone please advise how to fix this weird issue?
I did have to disable sending alert emails because our email box was getting hundreds of emails a day.
Ge Qu - unless you really have to, do not remove this http replication. Cisco says that "not replicating HTTP sessions increases system performance without causing serious data or connection loss". I'm still keeping this enabled, just in case. Cisco says that replication "could have a negative impact upon system performance", but our performance seems to be OK.
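One way to get a starting point for the interface test messages quoted in the first post is to pair each 105008 with its 105009 and record the time, duration and whether 105005 appeared in between, so the cycles can be lined up against switch logs. This is an added example, not code from any poster or from Cisco; the sample lines are constructed, and the timestamp prefix layout and the function name are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the three message formats are the ones quoted in the first
# post; the timestamps and the syslog prefix layout are assumptions.
SAMPLE = """\
Nov 29 2017 06:10:01: %ASA-1-105008: (Secondary) Testing Interface outside
Nov 29 2017 06:10:01: %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface outside
Nov 29 2017 06:10:04: %ASA-1-105009: (Secondary) Testing on interface outside Passed
Nov 29 2017 11:42:30: %ASA-1-105008: (Secondary) Testing Interface outside
Nov 29 2017 11:42:36: %ASA-1-105009: (Secondary) Testing on interface outside Passed
Nov 29 2017 15:03:12: %ASA-1-105008: (Secondary) Testing Interface outside
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d): %ASA-1-(?P<id>10500[589]): "
    r"\((?P<unit>\w+)\) (?P<text>.*)$")
TEXT = {
    "105008": re.compile(r"Testing Interface (?P<ifc>\S+)$"),
    "105005": re.compile(r"Lost Failover communications with mate on interface (?P<ifc>\S+)$"),
    "105009": re.compile(r"Testing on interface (?P<ifc>\S+) (?P<result>\w+)$"),
}

def pair_test_cycles(lines):
    """Pair each 105008 with the following 105009 for the same unit/interface."""
    open_tests, cycles = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        d = m and TEXT[m["id"]].search(m["text"])
        if not d:
            continue  # not one of the three failover messages
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        key = (m["unit"], d["ifc"])
        if m["id"] == "105008":  # a new test starts (replaces any unfinished one)
            open_tests[key] = {"unit": key[0], "interface": key[1], "start": ts,
                               "lost_mate": False, "result": None, "seconds": None}
        elif key in open_tests and m["id"] == "105005":
            open_tests[key]["lost_mate"] = True
        elif key in open_tests:  # 105009 closes the cycle
            c = open_tests.pop(key)
            c["result"] = d["result"]
            c["seconds"] = (ts - c["start"]).total_seconds()
            cycles.append(c)
    return cycles + list(open_tests.values())  # unfinished tests keep result None

if __name__ == "__main__":
    for c in pair_test_cycles(SAMPLE):
        print(c["start"], c["unit"], c["interface"], c["result"], c["seconds"], c["lost_mate"])
```

Cycles that recur at a fixed time of day, or that always include the 105005 line, are the ones worth comparing against the outside switch's logs for the same timestamps.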