Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
0
Helpful
4
Replies

ASA Active/Passive Failed

Michael Wollner
Level 1
Level 1

‎01-13-2012 02:38 AM - edited ‎03-11-2019 03:13 PM

Hello,

i have a problem with a Failover Pair of 5510. The Boxes run with the software version 8.2.5.

If the Active ASA goes down, the Standby ASA switch to Active.

Now the problem.

If i switch on the old Active ASA, both ASA are Active.

This problem don't solved with the command 'no failover active' on the Standby box.

This problem only solved with the command 'no failover' and then 'failover' on the Standby box.

mfg

Michael Wollner

Labels:
0 Helpful
4 Replies 4

ajay chauhan
Level 7
Level 7

‎01-13-2012 03:37 AM

use the failover active command on the standby unit or the no failover active command on the active. This should work fine if not working then something else might causing some issue.

0 Helpful

Michael Wollner
Level 1
Level 1
In response to ajay chauhan

‎01-13-2012 03:47 AM

Hello ajay,

This command have no effect on the Standby unit. Both ASA Primary and Standby are Active after restart the Primary ASA.

Only the command 'no failover' and then 'failover' works.

mfg

0 Helpful

ajay chauhan
Level 7
Level 7
In response to Michael Wollner

‎01-13-2012 03:49 AM

Hi Michael,

Can you post failover config for both the Firewalls as well as show failover output attached with them?

Thanks

Ajay

0 Helpful

Michael Wollner
Level 1
Level 1
In response to ajay chauhan

‎01-13-2012 04:11 AM

Hello ajay,

the configs are correct.

-- Active --

interface Ethernet0/0

no nameif

no security-level

no ip address

!

interface Ethernet0/0.5

vlan 5

nameif outside

security-level 0

ip address 1x.x.x.210 255.255.255.248 standby 1x.x.x.211 

!

interface Ethernet0/0.6

vlan 6

nameif DMZ_01

security-level 2

ip address 10.3.1.10 255.255.255.0 standby 10.3.1.11 

!

interface Ethernet0/1.2

vlan 2

nameif DMZ_02

security-level 50

ip address 10.0.1.1 255.255.255.248 standby 10.0.1.2

!

interface Ethernet0/1.10

vlan 10

nameif DMZ_03

security-level 50

ip address 10.0.1.8 255.255.255.248 standby 10.0.1.9

!

interface Ethernet0/2

nameif DMZ_04

security-level 50

ip address 172.16.0.1 255.255.255.0 standby 172.16.0.2

!

interface Ethernet0/3

no nameif

no security-level

no ip address

interface Ethernet0/3.50

description LAN Failover Interface

vlan 50

interface Ethernet0/3.51

description STATE Failover Interface

vlan 51

!

interface Management0/0

nameif Management

security-level 99

ip address 172.31.0.1 255.255.255.0 standby 172.31.0.2

failover

failover lan unit primary

failover lan interface Failover Ethernet0/3.50

failover key xxxxx

failover replication http

failover link Failover Ethernet0/3.50

failover link State Ethernet0/3.51

failover interface ip Failover 172.18.2.1 255.255.255.248 standby 172.18.2.2

failover interface ip State 172.18.3.1 255.255.255.248 standby 172.18.3.2

monitor-interface outside

monitor-interface DMZ_01

monitor-interface DMZ_02

monitor-interface DMZ_03

-- Standby --

failover

failover lan unit secondary

failover lan interface Failover Ethernet0/3.50

failover key xxxxx

failover replication http

failover link Failover Ethernet0/3.50

failover link State Ethernet0/3.51

failover interface ip Failover 172.18.2.1 255.255.255.248 standby 172.18.2.2

failover interface ip State 172.18.3.1 255.255.255.248 standby 172.18.3.2

monitor-interface outside

monitor-interface DMZ_01

monitor-interface DMZ_02

monitor-interface DMZ_03

---

The Standby ASA is now Offline. I can't get a 'show failover' now. I post the logging at Monday.

mfg

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card