06-10-2008 01:02 PM - edited 03-11-2019 05:57 AM
Dear All ,
I have two ASA's connected in a failover mode .The issue is that when the inside -switch 1 goes down active ASA (ASA-A ) is not coming to standby mode.
On the active ASA , I have made the configuration to monitor both inside and outside interface , when any of the interface goes down it should switch to standby , but it's not happening .
Please see the attached diagram
Regards
Haris
06-10-2008 02:09 PM
your attachment means nothing to me.
send me the "show run failover" and "show failover" on both devices.
what software version the ASA'S are using?
Francisco
06-10-2008 11:26 PM
The Version is 7.0(4)12
The basic thing is I put the command "monitor-interface inside" and "monitor-interface outside|" in the configuration and the active one is not going down when the inside interface of the active unit goes down .
The attached is the show failover output in normal condition
06-11-2008 01:09 AM
I see you are using LAN-based failover using management 0/0 interface.
Looks like the failover is active but they are failing because there is no link between the PORXY interfaces which is affecting your failover. Make sure that both devices can ping each other PROXY interfaces. you can deselect that interface for now and test your failover again.
I suggest you also upgrade the software because V7.0(4)12 is old.
06-11-2008 09:51 AM
Can you also paste output:
show cpu
show run | include failover
The possible problems:
1. Proxy interface in standby ASA is not up and cannot take over active mode should failover happen.
Fix: ensure both proxy interface IP are pingable for each other
2. Your FW may be too busy (your CPU utilization can tell) so default unit poll interval 1second is too short
Fix: increase to say 5 seconds.
Pls rate if help
06-11-2008 09:04 PM
Dears ,
Very helpfull post
I put the command to monitor only inside and outside interfaces .
"no monitor-interface PROXY "
After that when Active ASA (ie ASA-A) inside interface is going down ,its switching back to standby (ie to ASA-S) .
But when Active ASA(ASA-A) inside interface coming back again it's not switching back ,
I want my ASA-A to come to active state when all interfaces come up again .
I tested by typing "failover active" on ASA-A to force ASA-A unit to become active , then its coming on active state again.
Any Clues ?
Regards
Haris
06-11-2008 11:56 PM
because you are running active/standby in single mode, i dont think that's possible unless you have active/active mode then you can assign preempt to your failover group.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: