Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
3
Replies

ASA cluster query

mulhollandm
Level 1
Level 1

‎03-04-2016 07:48 AM - edited ‎03-12-2019 12:26 AM

folks

I'm setting up an asa cluster (asa 5585) across two data centres (one unit in each)

the cluster is working ok with a spanned port-channel for the inside and another one for the outside

there are no subinterfaces or vlans and there is a dedicated switch for the inside and one for the outside

I've configured a virtual mac address on both port-channels

my issue is:

when i unpatch the inside interface on the MASTER, it leaves the cluster but its outside port-channel stays up so the outside switch still seems to send traffic back to the old MASTERS outside interface and a ping i have running from inside to outside fails

if i repatch the box back in and enable clustering, the ping starts to work again

i assume this isn't excepted behaviour?

if so is there a way to prevent this happening

thanks to anyone taking the time to reply



Labels:
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎03-05-2016 04:20 PM

It should be enabled by default, but have you made sure that the health-check monitor-interface command is present for your interfaces?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

mulhollandm
Level 1
Level 1
In response to Marius Gunnerud

‎03-06-2016 04:07 AM

marius

many thanks for your reply

the show cluster info command doesn't show which interfaces are being monitored so i configured the health-check command manually for both inside and outside port channels

when i pull the inside interface on asa 1 i can now see

the inside port-channel goes down and line protocol goes down 

the outside port-channel goes down but line protocol stays up

the external switch which terminates both asa outside interfaces show both asa interfaces as up and so I suspect is load balancing to the dead asa

a ping from a router on the outside interface to the asa outside ip address then fails, as does a test ping from my inside to outside

thanks again for your help



0 Helpful

Marius Gunnerud
VIP
VIP
In response to mulhollandm

‎03-08-2016 11:32 AM

Could you post your full ASA confiugration please.  remove any public IPs, usernames and passwords.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card