Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1114
Views
0
Helpful
5
Replies

ASA 5545 blocks traffic

ckolesar
Level 1
Level 1

‎11-07-2018 07:56 AM - edited ‎02-21-2020 08:26 AM

I have two Cisco ASA 5545 firewalls.  I am having a problem where every month or two the primary ASA fails to where it blocks all outbound traffic.  The fix is to manually fail over to our secondary ASA, which then allows proper traffic flow. I realize that if I were able to do some troubleshooting while it was down, that would be the best solution for me, but b/c it brings all our remote sites down to us as well as outbound traffic- its very time sensitive and I just dont have time to troubleshoot it while its not working.

 

I have the ASA sending logs to a syslog server, and I have sent those off to Cisco TAC, but they have not had much luck on determining the cause.

 

My ASAs are mainly acting as a firewall and providing isakmp/ipsec connectivity to our remote sites.

 

I am not an expert on the ASA's so please bear with me on that.

 

Both devices are running the following:

 

Cisco Adaptive Security Appliance Software Version 9.4(4)16
Device Manager Version 7.7(1)150


-------------------[ firepower1 ]-------------------
Model                     : ASA5545 (72) Version 6.0.0 (Build 1005)
UUID                      : ae10699c-c05c-11e5-9090-83918997b897
Rules update version      : 2017-11-09-001-vrt
VDB version               : 264
----------------------------------------------------

 

Any help is appreciated.

 

Thanks!

 

0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎11-07-2018 08:54 AM

its hard to say for the few details your provided.

 

what happens when you Fail-over to standby  - remain standby as primary  ? ( do you see any issue with the secondary  also ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

ckolesar
Level 1
Level 1
In response to balaji.bandi

‎11-07-2018 08:58 AM

So that is what i have set now-- i have failed over to secondary and have been running that as the active primary for the time being.

 

I have not tried staying on the secondary to see if it has the same problem. I always reboot the primary and then make it active.

 

Are you saying I should stay on the secondary and see if I ever have the problem-- as a troubleshooting step?

 

 

 

0 Helpful

venkat_n7
Level 1
Level 1
In response to ckolesar

‎11-07-2018 01:06 PM

can you provide logs, at the time of trouble, like before the trouble starts and after the trouble. best thing we can suggest is by looking logs.

Please rate comments and support
with regards,
Venkat
0 Helpful

ckolesar
Level 1
Level 1
In response to venkat_n7

‎11-07-2018 02:31 PM

Thanks for the response. I have added a log file.  Its includes about 8 mins before the incident and during the incident. I have more logs, but they are for the whole day. I can parse them down a bit, if needed and post more. 

 

 

I think I did the manual failover around 9:42am

Preview file
574 KB
0 Helpful

venkat_n7
Level 1
Level 1
In response to ckolesar

‎11-11-2018 06:51 PM - edited ‎11-11-2018 06:57 PM

hi,

i see nothing about failover related in logs. i think it should be os bug issue or hardware problem.

Please rate comments and support
with regards,
Venkat
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card