Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
222
Views
0
Helpful
1
Replies

ASA Failover setup

BILL DUNN
Level 1
Level 1

‎06-15-2015 03:48 PM - edited ‎03-11-2019 11:07 PM

I am trying to setup a pair of ASA5510's in an active/passive failover.  When I issue the failover command from the secondary 5510 I see these messages

 

Detected an Active mate

Beginning configuration replication from mate.

Warning: no actions specified. All actions disabled.

Warning: no actions specified. All actions disabled.

End configuration replication from mate.

 

When I use "show failover | include host"  I see this

  This host: Secondary - Failed

  Other host: Primary - Active

 

The secondary node seems to have all the configuration from the primary.  At the time the primary had a few VPN connections active.  Those too seemed to be reflected on the secondary.  I think the status of the secondary node needs to be "Standby Ready".  Can anyone tell me where I went wrong or how to troubleshoot this?

e0/0 is the outside interface

e0/1 is the inside interface

e0/2 and e0/3 are the common ports

 

Below are the commands I used to setup failover on the two nodes.  Outside IP addresses are fictional.

On Primary node

interface Ethernet0/0

 mac-address 0003.000b.0001 standby 0003.000b.0002

 nameif outside

 security-level 0

 ip address 18.174.151.249 255.255.255.0 standby 18.174.151.152

!

interface Ethernet0/1

 mac-address 0003.000a.0001 standby 0003.000a.0002

 nameif inside

 security-level 100

 ip address 172.16.190.249 255.255.255.0 standby 172.16.190.149

 

interface Redundant1

 description LAN/STATE Failover Interface

 member-interface Ethernet0/2

 member-interface Ethernet0/3

 

failover

failover lan unit primary

failover lan interface FailoverLink Redundant1

failover polltime unit msec 200 holdtime msec 800

failover polltime interface msec 500 holdtime 5

failover link FailoverLink Redundant1

failover interface ip FailoverLink 192.168.168.173 255.255.255.252 standby 192.168.168.174

 

On Secondary Node

Interface e0/2

No shut

Interface e0/3

No shut

Interface Redundant 1

 Member-interface et 0/2

 Member-interface et 0/3

Failover lan unit secondary

Failover lan interface FailoverLink Redundant1

failover interface ip FailoverLink 192.168.168.173 255.255.255.252 standby 192.168.168.174

failover

 

 

 

 

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎06-16-2015 06:30 AM

Hi,

I think possibly monitoring on one of the Data interfaces on this Ha are failing.

Check "show failover state" to find the interface which is failing.

Also , as you are using the redundant interface for failover , use a switch for connecting the failover interface.

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card