Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
1
Helpful
2
Replies

ASA Active-Standby failover issues

Ahmed843
Level 1
Level 1

‎04-02-2025 07:30 AM

Hello Everyone, 

The secondary ASA became Active for no apparent reason. Please find the show command output below. I just want to confirm that in case the secondary fails, the primary will become Active again. Also, I'd like to investigate the reason why this failover occurred in the first place.

First ASA

VPN01# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 466 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.14(4)24, Mate 9.14(4)24
Serial Number: Ours xxxxxx1Q, Mate xxxxxxxZB
Last Failover at: 17:20:55 EDT Mar 20 2025
This host: Secondary - Active
Active time: 1097618 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.14(4)24) status (Up Sys)
Interface outside (1.1.1.1): Normal (Monitored)
Interface SHARED (X.X.255.6): Normal (Monitored)
Interface management (X.X.1.115): Normal (Not-Monitored)
Other host: Primary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.14(4)24) status (Up Sys)
Interface outside (1.1.1.1): Normal (Monitored)
Interface SHARED (X.X.255.206): Normal (Monitored)
Interface management (10.X.1.215): Normal (Not-Monitored)

VPN01# sho failover history


VPN1.png

 

Second ASA

VPN01# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 466 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.14(4)24, Mate 9.14(4)24
Serial Number: Ours XXXXXXZB, Mate XXXXXX1Q
Last Failover at: 17:23:12 EDT Mar 20 2025
This host: Primary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.14(4)24) status (Up Sys)
Interface outside (1.1.1.1): Normal (Monitored)
Interface SHARED (x.x.x.206): Normal (Monitored)
Interface management (x.x.x.215): Normal (Not-Monitored)
Other host: Secondary - Active
Active time: 1098096 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.14(4)24) status (Up Sys)
Interface outside (1.1.1.1): Normal (Monitored)
Interface SHARED (x.x.x.6): Normal (Monitored)
Interface management (x.x.x.115): Normal (Not-Monitored)

 

VPN01# show failover history

VPN2.png

0 Helpful
2 Replies 2

Mark Elsen
Hall of Fame
Hall of Fame

‎04-02-2025 09:07 AM

 

 - @Ahmed843 wrote : >....I just want to confirm that in case the secondary fails, the primary will become Active again
                                    Since there was a failover that cannot be exactly guaranteed, yet the outputs you provided
                                    seem rather OK at first sight.
                                    It's therefore always useful to configure a syslog server on the active ASA, to have a central
                                    place where logs are send and which can then be reviewed when there is a failover.

   You can also connect to the current active ASA with https://cway.cisco.com/cli/   (needs to be downloaded first)
   At the top right or left you can press (run) 'System Diagnostics'

    M.

   



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Ahmed843
Level 1
Level 1
In response to Mark Elsen

‎04-02-2025 11:58 AM

Thanks, marce1000 for the advice and also thanks for the (cway) tools. 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card