
ASA Cluster issue

veevekraj
Level 1

I have two ASA5545s and two Catalyst 4507 switches. The switches are in VSS mode. I have to cluster both ASAs through the switch.

The configuration is as below:

ASA-2# sh run cluster
cluster group ASA-CLUSTER
local-unit ASA-2
cluster-interface Port-channel10 ip 192.168.21.3 255.255.255.248
priority 2
health-check holdtime 3
health-check data-interface auto-rejoin 3 5 2
health-check cluster-interface auto-rejoin unlimited 5 1
clacp system-mac auto system-priority 1

ASA-1# sh run cluster
cluster group ASA-CLUSTER
local-unit ASA-1
cluster-interface Port-channel10 ip 192.168.21.2 255.255.255.248
priority 1
console-replicate
health-check holdtime 3
health-check data-interface auto-rejoin 3 5 2
health-check cluster-interface auto-rejoin unlimited 5 1
clacp system-mac auto system-priority 1

-------------------------------------------
ASA-2# sh run inter gi0/7
!
interface GigabitEthernet0/7
channel-group 10 mode on
ASA-2#

-----------------------------------------
ASA-1# sh run inter gi0/7
!
interface GigabitEthernet0/7
channel-group 10 mode on
ASA-1#

----------------------------------------------
On the switch:

SW- inter gi1/1/4
- swi mode acc
- swi acc vlan 23
- channel-group 10 mode on

--inter gi2/1/4
- swi mode acc
- swi acc vlan 23
- channel-group 10 mode on

Now only one ASA is reachable from the switch: ASA-1 (IP .2) is reachable from the switch, but ASA-2 (IP .3) is not.

When I remove the cable from ASA-1, ASA-2 becomes reachable. So how will they sync?

When I enable clustering, both ASAs become MASTER.

Any solution?

3 Replies

Kunle
Level 1

In an ASA cluster we need a minimum of 2 links from each ASA for a port channel. Otherwise it will not be a good implementation. If you use only one link per ASA for the CCL link, it will hamper the data interfaces. For example, when the cluster port channel goes down, the cluster will break and the data interfaces of the context will also go down.

Apart from the cluster issue, my issue was related to EtherChannel. Need to check the EtherChannel configuration and the issue will be resolved.

Thanks veevekraj1
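
An added example, not part of the thread and not Cisco's code: a cluster control link (CCL) EtherChannel is local to each ASA, so the switch needs a separate port-channel per unit, whereas the posted switch config places both ports in channel-group 10. The sketch below audits a switch config for that condition and for the single-link case raised in the reply; the full-syntax sample config and the port-to-ASA cabling map are assumptions constructed from the post.

```python
import re
from collections import defaultdict

# Constructed sample: the switch-side config from the question, written out in
# full IOS syntax. The port-to-ASA cabling is an assumption (not stated in the thread).
SWITCH_CONFIG = """\
interface GigabitEthernet1/1/4
 switchport mode access
 switchport access vlan 23
 channel-group 10 mode on
!
interface GigabitEthernet2/1/4
 switchport mode access
 switchport access vlan 23
 channel-group 10 mode on
"""
CABLING = {"GigabitEthernet1/1/4": "ASA-1", "GigabitEthernet2/1/4": "ASA-2"}


def parse_channel_groups(config):
    """Return {channel-group id: [member interface names]} from IOS-style text."""
    groups, current = defaultdict(list), None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+channel-group\s+(\d+)\s+mode\s+\S+", line)
        if m and current:
            groups[int(m.group(1))].append(current)
    return dict(groups)


def audit_ccl(config, cabling):
    """Flag switch port-channels that are unsuitable for a cluster control link."""
    findings = []
    for gid, members in sorted(parse_channel_groups(config).items()):
        units = sorted({cabling[m] for m in members if m in cabling})
        if len(units) > 1:
            # One switch bundle reaching two ASAs: only one unit is reachable.
            findings.append((gid, "spans-units", units))
        elif len(units) == 1 and len(members) < 2:
            # Separate bundle per unit, but no link redundancy (the reply's point).
            findings.append((gid, "single-link", units))
    return findings


if __name__ == "__main__":
    for finding in audit_ccl(SWITCH_CONFIG, CABLING):
        print(finding)
```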
