cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1527
Views
0
Helpful
5
Replies

ASA 5525 Failover issue

maddyguru8525
Level 1
Level 1

Hi,

I am facing an Active/active failover problem 
model ASA 5525
system image: asa922-4-SMP-k8.bin
ASDM: 7.2(2)1

both firewall configuration matched. and interface showing up. but failover is not working.

any one help this..

 

5 Replies 5

Alex Pfeil
Level 7
Level 7

Here is a link to a document showing the configuration.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ha_active_standby.pdf

Here is a configuration example.

Primary - ASA
failover
failover lan unit primary
failover lan interface Failover Ethernet1/8
failover link Failover Ethernet1/8
failover interface ip Failover 192.168.1.1 255.255.255.252 standby 192.168.1.2
Secondary - ASA
failover
failover lan unit secondary
failover lan interface Failover Ethernet1/8
failover link Failover Ethernet1/8
failover interface ip Failover 192.168.1.1 255.255.255.252 standby 192.168.1.2
 
Can you provide your configuration?

GRANT3779
Spotlight
Spotlight

It looks like you may be monitoring the SFR/IPS module as part of the failover, which has failed on the primary firewall. It is in recover mode.

If you provide the output of 

Show run all monitor-interface

If you see the module as being monitored, just negate it with the no command until you figure out what is wrong with the module. This will at least get your failover working. 

just to add what @GRANT3779  said.

 

he is right follow his instruction. moreover, it seems your SFR could be problemetic. might you need to re-image this module. however, recover should come in to state as UP/UP. otherwise, do some test no sucess than reimage this.

please do not forget to rate.

We not using IPS module. Both firewalls is up. but failover not happened where is primary down.

 

 

What is the Output from 

show run all monitor-interface

Review Cisco Networking for a $25 gift card