03-04-2016 07:48 AM - edited 03-12-2019 12:26 AM
folks
I'm setting up an asa cluster (asa 5585) across two data centres (one unit in each)
the cluster is working ok with a spanned port-channel for the inside and another one for the outside
there are no subinterfaces or vlans and there is a dedicated switch for the inside and one for the outside
I've configured a virtual mac address on both port-channels
my issue is:
when i unpatch the inside interface on the MASTER, it leaves the cluster but its outside port-channel stays up so the outside switch still seems to send traffic back to the old MASTERS outside interface and a ping i have running from inside to outside fails
if i repatch the box back in and enable clustering, the ping starts to work again
i assume this isn't excepted behaviour?
if so is there a way to prevent this happening
thanks to anyone taking the time to reply
03-05-2016 04:20 PM
It should be enabled by default, but have you made sure that the health-check monitor-interface command is present for your interfaces?
--
Please remember to select a correct answer and rate helpful posts
03-06-2016 04:07 AM
marius
many thanks for your reply
the show cluster info command doesn't show which interfaces are being monitored so i configured the health-check command manually for both inside and outside port channels
when i pull the inside interface on asa 1 i can now see
the inside port-channel goes down and line protocol goes down
the outside port-channel goes down but line protocol stays up
the external switch which terminates both asa outside interfaces show both asa interfaces as up and so I suspect is load balancing to the dead asa
a ping from a router on the outside interface to the asa outside ip address then fails, as does a test ping from my inside to outside
thanks again for your help
03-08-2016 11:32 AM
Could you post your full ASA confiugration please. remove any public IPs, usernames and passwords.
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide