Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1024
Views
0
Helpful
2
Replies

ASA Failover issue (Primary_group_1) Lost Failover communications with mate on interface dmz

Pranav Gade
Level 1
Level 1

‎08-29-2013 02:29 PM - edited ‎03-11-2019 07:32 PM

HI ,

We are running with Cisco ASA 8.0.5 in multiple context mode please find configuration details for the same

Failover On

Failover unit Primary

Failover LAN Interface: asa-mgmt-failover Management0/0 (up)

Unit Poll frequency 3 seconds, holdtime 9 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 11 of 250 maximum

Version: Ours 8.0(5)23, Mate 8.0(5)23

Group 1 last failover at: 15:38:00 IST Jul 11 2013

  This host:    Primary

  Group 1       State:          Active

                Active time:    21634557 (sec)

                slot 0: ASA5550 hw/sw rev (2.0/8.0(5)23) status (Up Sys)

                  admin Interface outside (203.99.214.71): Normal

                  admin Interface dmz (10.224.1.153): Normal

                  admin Interface jpmc (10.224.1.137): Normal

                  admin Interface inside (10.224.1.36): Normal

                  admin Interface wan (10.224.1.1): Normal

                  abc Interface wan (10.224.1.201): Normal

                  abc Interface odc (10.224.1.145): Normal

                  xyz Interface outside (10.224.1.193): Normal

                  xyz Interface bms (10.224.63.1): Normal

                  lkj Interface outside (10.224.1.218): Normal

                  lkj Interface inside (10.224.35.5): Normal (Not-Monitored)

                  lkj Interface dmz (10.224.37.129): Normal

                slot 1: ASA-SSM-4GE-INC hw/sw rev (1.0/1.0(0)10) status (Up)

  Other host:   Secondary

  Group 1       State:          Standby Ready

                Active time:    33 (sec)

slot 0: ASA5550 hw/sw rev (2.0/8.0(5)23) status (Up Sys)

                  admin Interface outside (203.99.214.71): Normal

                  admin Interface dmz (10.224.1.153): Normal

                  admin Interface jpmc (10.224.1.137): Normal

                  admin Interface inside (10.224.1.36): Normal

                  admin Interface wan (10.224.1.1): Normal

                  abc Interface wan (10.224.1.201): Normal

                  abc Interface odc (10.224.1.145): Normal

                  xyz Interface outside (10.224.1.193): Normal

                  xyz Interface bms (10.224.63.1): Normal

                  lkj Interface outside (10.224.1.218): Normal

                  lkj Interface inside (10.224.35.5): Normal (Not-Monitored)

                  lkj Interface dmz (10.224.37.129): Normal

                slot 1: ASA-SSM-4GE-INC hw/sw rev (1.0/1.0(0)10) status (Up)

Stateful Failover Logical Update Statistics

        Link : asa-mgmt-failover Management0/0 (up)

        Stateful Obj    xmit       xerr       rcv        rerr     

        General         27756222057 0          2898148    23383    

        sys cmd         2884433    0          2884432    0        

        up time         0          0          0          0        

        RPC services    0          0          0          0        

        TCP conn        21161285056 0          8729       16454    

        UDP conn        6448374101 0          4943       6929     

        ARP tbl         143539325  0          44         0        

        Xlate_Timeout   0          0          0          0        

        SIP Session     139142     0          0          0        

        Logical Update Queue Information

                        Cur     Max     Total

        Recv Q:         0       12      2898148

        Xmit Q:         0       17      27756222078

And according to the syslog server, everything was good until 12:45pm, when this started:


Apr 08 12:45:38 10.22.151.58 local5.alert Apr 08 2009 12:49:55: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface management-con1

Apr 08 12:45:38 10.22.151.58 local5.alert Apr 08 2009 12:49:55 %ASA-1-105005: (Primary_group_1) Lost Failover communications with mate on interface dmz

Apr 08 12:45:38 10.22.151.58 local5.alert Apr 08 2009 12:49:55: %ASA-1-105008: (Primary) Testing Interface management-con1

Apr 08 12:45:38 10.22.151.58 local5.alert Apr 08 2009 12:49:55: %ASA-1-105009: (Primary) Testing on interface management-con1 Passed


No outage, no failover, just an inability to remotely manage the device outside of the console.

I would highly appritiate if any one can give me solution for this failove message founf in syslog server.

Regards,

Pranav

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎08-29-2013 03:20 PM

Hello Pranav,

Well looks like there are some communication issues between this guys at that time,

Is there a switch between this 2 devices?

Can you check the logs from the device?

at the moment we are up and running right?

It looks like we fail one of the tests that we run in order to determine whether failover is up or not.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Pranav Gade
Level 1
Level 1
In response to Julio Carvajal

‎08-30-2013 01:13 AM

Julio ,

Thanks for reply.. Currently we are not having any switch in between two ASA's.. Yes currently both ASA are in live and up and running.

Last failover happened on Jul 11 2013

Is that issue with any poll frequency ? thats why even if no failover happend we found failover message on syslog.

Apr 08 12:45:38 10.22.151.58 local5.alert Apr 08 2009 12:49:55: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface management-con1

Apr 08 12:45:38 10.22.151.58 local5.alert Apr 08 2009 12:49:55 %ASA-1-105005: (Primary_group_1) Lost Failover communications with mate on interface dmz

Thanks

Pranav

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card