Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2771
Views
0
Helpful
7
Replies

ASA Port-Channel config

Ramirov
Level 1
Level 1

‎01-22-2019 08:51 AM - edited ‎02-21-2020 08:41 AM

Hi guys , 

Im trying to configure a port channel beetween ASA (active/stanby) <--> SW 3850.

ASA Config

 

interface GigabitEthernet0/1
channel-group 10 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
channel-group 10 mode active
no nameif
no security-level
no ip address

 

interface Port-channel10
nameif inside
security-level 100
ip address 10.54.119.132 255.255.255.192 standby 10.54.119.190

 

3850 Config. ( 1 port-channel to each ASA)

 

interface Port-channel5
description INSIDE-PRIMARIO
switchport access vlan 602
switchport mode access

 

interface GigabitEthernet1/0/25
description INSIDE-PRIMARIO
switchport access vlan 602
switchport mode access
channel-group 5 mode active
!
interface GigabitEthernet1/0/26
description INSIDE-PRIMARIO
switchport access vlan 602
switchport mode access
channel-group 5 mode active

 

!
interface Port-channel15
description INSIDE-SECUNDARIO
switchport access vlan 602
switchport mode access

interface GigabitEthernet2/0/7
description INSIDE-SECUNDARIO
switchport access vlan 602
switchport mode access
channel-group 15 mode active
!
interface GigabitEthernet2/0/8
description INSIDE-SECUNDARIO
switchport access vlan 602
switchport mode access
channel-group 15 mode active

 

I see that the PO comes up without problems , but traffic is not working .

The config is okey??

 

Thanks

 

 

0 Helpful
7 Replies 7

Sheraz.Salim
VIP
VIP

‎01-22-2019 09:36 AM

your config are ok. can you try to ping from any ip address in range of inside address.

please do not forget to rate.
0 Helpful

Ramirov
Level 1
Level 1
In response to Sheraz.Salim

‎01-22-2019 09:52 AM

I cant reach the inside address , I think is a problem of ARP , maybe I have to clear ARP in some switches .

What do you think?

0 Helpful

Sheraz.Salim
VIP
VIP
In response to Ramirov

‎01-22-2019 10:14 AM

clear arp best is do in change control all arp cache entries will flush. could be  a downtime for a 2 to 3 secounds

please do not forget to rate.
0 Helpful

Abheesh Kumar
VIP Alumni
VIP Alumni

‎01-22-2019 10:07 AM

Hi,
Is your vlan 602 IP address is from the same range of 192.54.119.128/26, your ASA & Switch side configuration is OK.
Please verify one more PO5 is connected ASA1` & PO 15 is connected to ASA2.

Hope This Helps
Abheesh
0 Helpful

Ramirov
Level 1
Level 1
In response to Abheesh Kumar

‎01-22-2019 10:40 AM

Yep, the vlan 602 is assigned to that range 10.54.119.128/26  . Po5 to FW1 and Po15 to Fw2 , I will try again but how this is a production enviroment  I wanted to make sure that the config is Okey

0 Helpful

Sheraz.Salim
VIP
VIP
In response to Ramirov

‎01-22-2019 10:51 AM

can you confirm the etherchannel are up

!

show etherchannel summary

!

check both side the port channel is up and running. can you ping from your firewall cli inside interface to any ip address in insdie network which is up and running.

please do not forget to rate.
0 Helpful

Sheraz.Salim
VIP
VIP
In response to Sheraz.Salim

‎01-22-2019 11:11 AM

give a output of this command

 

show failover

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card