Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
1
Replies

ASA A/S Failover issue with OSPF routing

alessandro.pasinetti
Level 1
Level 1

‎11-09-2017 01:38 AM - edited ‎02-21-2020 06:41 AM

Hi All,

I have a couple of ASA 5520 ( 9.1 version) in A/S failover connected to Core (4500X). We need to configure routing : I have no problem with static routing but when I configure ospf after some seconds the standby goes in active ( though the real active remains active) and I don't know why.

 

We have a SVI on core side

 

interface Vlan700
description ASA-LAB
ip address 10.50.50.82 255.255.255.248
ip ospf dead-interval 3
ip ospf hello-interval 1

 

on ASA side

 

interface GigabitEthernet1/0
media-type sfp
nameif inside
security-level 100
ip address 10.50.50.81 255.255.255.248 standby 10.50.50.83
ospf hello-interval 1
ospf dead-interval 3

 

 

the  Standby becomes immediately active after ospf configuration and  show failover history, I have:

 

10:31:10 CET Nov 9 2017
Standby Ready Just Active ACK not received for failover message

10:31:11 CET Nov 9 2017
Just Active Active Drain ACK not received for failover message

10:31:11 CET Nov 9 2017
Active Drain Active Applying Config ACK not received for failover message

10:31:11 CET Nov 9 2017
Active Applying Config Active Config Applied ACK not received for failover message

10:31:11 CET Nov 9 2017
Active Config Applied Active ACK not received for failover message

10:31:27 CET Nov 9 2017
Active Cold Standby Failover state check

10:31:29 CET Nov 9 2017
Cold Standby Sync Config Failover state check

 

this happens more times until the standby reboots

 

ASA-LAB#
******REPLICATION OF CONFIGURATION FROM ACTIVE TO STANDBY UNIT IS INCOMPLETE,
TO PREVENT THE STANDBY UNIT TAKING OVER AS ACTIVE WITH A PARTIAL CONFIGURATION,
THE STANDBY UNIT WILL NOW REBOOT*******

 


***
*** --- SHUTDOWN NOW ---

 

 

Could you please if there is something to know about failover and ospf?

 

Thanks a lot

 

Alessandro

Labels:
0 Helpful
1 Reply 1

Flavio Miranda
VIP
VIP

‎11-09-2017 03:32 AM

Hello @alessandro.pasinetti

Very interesting problem. As per behavior and logs, looks like OSPF is interfering on the failover communication.

 

How does failover link looks like in your topology? 

Does failover IP address is on the same range of Network addressing ?

OSPF was activated in all firewall interface?

 

 

-If I helped you somehow, please, rate it as useful.-

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card