Solved: ASA5512X Failover Communication Failure

starke · ‎11-07-2025

I am using 2 ASA 5512Xs with the same bin, version 9.12(4).67 , hardware (4GB ram and clarkdale 2.8Ghz cpu), and license (security plus) but when I do show failover state it says there is a communication failure between the two. I am connecting them with a direct link gi0/0 on both... primary is 192.168.254.1/30 and secondary is 192.168.254.2/30. Link light is solid green and orange but I have already tried changing the cables.

balaji.bandi · ‎11-08-2025

I have not sanitized the total configuration, but a quick look at the related problem - On the secondary, this is the wrong

failover interface IP FAIL 192.168.254.2 255.255.255.252 standby 192.168.254.1

change to

failover interface ip FAIL 192.168.254.1 255.255.255.252 standby 192.168.254.2

and test

Ensure you can ping each other's IP addresses before enabling failover.

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

starke · ‎11-07-2025

Attached are the running configs

balaji.bandi · ‎11-08-2025

I have not sanitized the total configuration, but a quick look at the related problem - On the secondary, this is the wrong

failover interface IP FAIL 192.168.254.2 255.255.255.252 standby 192.168.254.1

change to

failover interface ip FAIL 192.168.254.1 255.255.255.252 standby 192.168.254.2

and test

Ensure you can ping each other's IP addresses before enabling failover.

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

starke · ‎11-09-2025

Well I meant to make the secondary 192.168.254.2 and have the standby be .1 (the primary). When I did show interface ip brief I saw that g0/0 had an ip address of 192.168.254.1 even though I set it manually as .2. So I asked chat and it said that they were negotiating over who was going to be the primary because I didnt wait for original primary to failover completely.

Basically when I saw that ip address on the g/0/0 interface I just disabled the secondary failover unit and started over on the primary. I waited until I saw the log message stating no active mate detected, then I went back to the secondary and retyped the commands. From there it started syncing but because the interfaces on each ASA are mismatched it hasnt fully synced. I dont know I am still working on it

balaji.bandi · ‎11-09-2025

suggest wait until full sync, you can give any errors :

show failover history

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Aref Alsouqi · ‎11-10-2025

Both units need to be configured with the same IP addresses commands. Once you apply the command to both of them, then you can access the primary via the .1 IP and the standby via the .2 IP. Basically the first IP on the command line "192.168.254.1" will be used by the primary device, and the IP "192.168.254.2" will be used by the secondary device. In case the primary becomes the standby and you try to connect to the .1 you will end up on the standby unit.

starke · ‎11-11-2025

thank you for explaining it is a lot more simple than I thought

Aref Alsouqi · ‎12-03-2025

You're welcome.