03-10-2017 12:26 AM - edited 03-12-2019 02:02 AM
I have two ASA5545s and two Catalyst 4507 switches. The switches are in VSS mode. I have to cluster both ASAs through the switches.
The configuration is as below:
ASA-2# sh run cluster
cluster group ASA-CLUSTER
local-unit ASA-2
cluster-interface Port-channel10 ip 192.168.21.3 255.255.255.248
priority 2
health-check holdtime 3
health-check data-interface auto-rejoin 3 5 2
health-check cluster-interface auto-rejoin unlimited 5 1
clacp system-mac auto system-priority 1
ASA-1# sh run cluster
cluster group ASA-CLUSTER
local-unit ASA-1
cluster-interface Port-channel10 ip 192.168.21.2 255.255.255.248
priority 1
console-replicate
health-check holdtime 3
health-check data-interface auto-rejoin 3 5 2
health-check cluster-interface auto-rejoin unlimited 5 1
clacp system-mac auto system-priority 1
-------------------------------------------
ASA-2# sh run inter gi0/7
!
interface GigabitEthernet0/7
channel-group 10 mode on
ASA-2#
-----------------------------------------
ASA-1# sh run inter gi0/7
!
interface GigabitEthernet0/7
channel-group 10 mode on
ASA-1#
----------------------------------------------
on switch
SW- inter gi1/1/4
- swi mode acc
- swi acc vlan 23
- channel-group 10 mode on
--inter gi2/1/4
- swi mode acc
- swi acc vlan 23
- channel-group 10 mode on
Now only one ASA is reachable from the switch, meaning ASA-1 (IP .2) is reachable from the switch but not ASA-2 (IP .3).
When I remove the cable from ASA-1, ASA-2 becomes reachable. So how will they sync?
When enabling the cluster, both ASAs become MASTER.
Any solution?
05-25-2017 09:44 AM
Did you get a solution or work-around for this issue? I am facing a similar dilemma now. Kindly share how you handled this.
Thanks.
05-25-2017 11:57 PM
In an ASA cluster we need a minimum of 2 links from each ASA for a port channel. Otherwise it will not be a good implementation. If you use only one link per ASA for the CCL link then it will hamper the data interface. Like, when the cluster port channel goes down, the cluster will break and the data interface of the context will also go down.
Apart from the cluster issue, my issue was related to EtherChannel. Need to check the EtherChannel configuration and the issue will be resolved.
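One way to run the EtherChannel check mentioned in the reply above (an added example, not code from any poster in this thread): it flags a switch channel-group whose member ports lead to different devices, as channel-group 10 on gi1/1/4 and gi2/1/4 appears to do in the posted switch configuration. The full-form interface names, the CABLING map and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's abbreviated switch commands, written out in full.
SWITCH_CONFIG = """\
interface GigabitEthernet1/1/4
 switchport mode access
 switchport access vlan 23
 channel-group 10 mode on
interface GigabitEthernet2/1/4
 switchport mode access
 switchport access vlan 23
 channel-group 10 mode on
"""
# Assumed cabling (not stated in the thread): one switch port per ASA.
CABLING = {"GigabitEthernet1/1/4": "ASA-1", "GigabitEthernet2/1/4": "ASA-2"}


def parse_channel_groups(config):
    """Return {group_id: [(interface, mode), ...]} from IOS-style config text."""
    groups, current = defaultdict(list), None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+channel-group\s+(\d+)\s+mode\s+(\S+)", line)
        if m and current:
            groups[int(m.group(1))].append((current, m.group(2)))
    return dict(groups)


def find_split_bundles(config, cabling):
    """Flag channel-groups whose member ports lead to different neighbours."""
    findings = []
    for gid, members in sorted(parse_channel_groups(config).items()):
        neighbours = sorted({cabling.get(intf, "unknown") for intf, _ in members})
        if len(neighbours) > 1:
            # Static "on" mode bundles without any LACP partner check.
            static = all(mode == "on" for _, mode in members)
            findings.append((gid, neighbours, static))
    return findings


if __name__ == "__main__":
    for gid, neighbours, static in find_split_bundles(SWITCH_CONFIG, CABLING):
        print(f"Port-channel{gid} bundles links to {neighbours} (static on: {static})")
```

Each ASA's cluster control link carries its own IP (.2 and .3 here), so on the switch each unit's link belongs in its own port-channel rather than in one bundle shared by both ASAs.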
05-29-2017 12:52 PM
Thanks veevekraj1