cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

712
Views
0
Helpful
3
Replies
Highlighted
Beginner

ASA Cluster issue

I have two ASA5545 and two catalyst4507 switch. Switches are in vss mode. I have to cluster both  the ASA through switch.

Configuration is as below:-

ASA-2# sh run cluster
cluster group ASA-CLUSTER
local-unit ASA-2
cluster-interface Port-channel10 ip 192.168.21.3 255.255.255.248
priority 2
health-check holdtime 3
health-check data-interface auto-rejoin 3 5 2
health-check cluster-interface auto-rejoin unlimited 5 1
clacp system-mac auto system-priority 1

ASA-1# sh run cluster
cluster group ASA-CLUSTER
local-unit ASA-1
cluster-interface Port-channel10 ip 192.168.21.2 255.255.255.248
priority 1
console-replicate
health-check holdtime 3
health-check data-interface auto-rejoin 3 5 2
health-check cluster-interface auto-rejoin unlimited 5 1
clacp system-mac auto system-priority 1

-------------------------------------------
ASA-2# sh run inter gi0/7
!
interface GigabitEthernet0/7
channel-group 10 mode on
ASA-2#

-----------------------------------------
ASA-1# sh run inter gi0/7
!
interface GigabitEthernet0/7
channel-group 10 mode on
ASA-1#

----------------------------------------------
on switch

SW- inter gi1/1/4
- swi mode acc
- swi acc vlan 23
- channel-group 10 mode on

--inter gi2/1/4
- swi mode acc
- swi acc vlan 23
- channel-group 10 mode on

now only one ASA is reachable from switch. means when ASA-1 (IP .2) is reachable from switch but not ASA-2 (IP- .3).

When I removing cable from ASA-1 then ASA-2 is reachable. So how they will sync.

when enabling cluster both ASA  becomes MASTER. 

Any solution ?

3 REPLIES 3
Highlighted
Beginner

Hey veevekraj1,

Highlighted
Beginner

In ASA cluster we need

In ASA cluster we need minimum 2 link form each ASA for a port channel. Otherwise it will not be a good implementation. If u will use only one link per ASA for CCL link then it will hamper data interface. Like.....when cluster port channel will go down cluster will break and data interface of the context will also go down.

Apart from cluster issue my issue was related to etherchannel. Need to check etherchannel configuration and issue will be resolved.

Highlighted
Beginner

Thanks veevekraj1

Thanks veevekraj1