Hej
I am trying to understand the Failover behavior on Customer facing interfaces on ASA Firepower 1150
I have configured an interface towards a host with standby IP. The host can reach both IPs on Ether1/10.8. However, If I shutdown Link 1 on Switch, the ASA doesn't seem to use the standby interface for traffic (although the host can still ping 172.16.8.2).
If I try to ping from ASA to Host when Link 1 is down, I get the below error. I would expect the traffic to failover to standby but it doesn't. Is this the expected behavior or am I missing something?
Interface Config
interface Ethernet1/10.8
vlan 8
nameif SERVICE-8
security-level 100
ip address 172.16.8.1 255.255.255.0 standby 172.16.8.2 Ping error when Link1 is shutdown on Switch-1
fw01(config)# ping SERVICE-8 172.16.8.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.3, timeout is 2 seconds:
Error: SERVICE-8 interface is shutdownFailover Config/State
failover
failover lan unit primary
failover lan interface FAILOVER Ethernet1/7
failover link STATEFUL Ethernet1/8
failover interface ip FAILOVER 192.168.100.1 255.255.255.252 standby 192.168.100.2
failover interface ip STATEFUL 192.168.100.5 255.255.255.252 standby 192.168.100.6
###############################################################
###############################################################
fw01-tgl-cph(config-subif)# show failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Standby Ready Comm Failure 14:15:15 UTC Dec 13 2023
====Configuration State===
Sync Done
====Communication State===
Mac set
2 Accepted Solutions
