12-30-2009 10:26 PM - last edited on 03-25-2019 05:44 PM by ciscomoderator
Hi,
In our setup we have configured LAN base failover in ASA5550 firewalls in Active/Standby mode.Yesterday automatic failover happened and secondary become active and primary in standby mode.
When we checked the primary firewall we found that it was rebooted.
We have not configured the syslog server so we have left no log with us.Even in show tech support we are not finding any log message and crash file info is also not there.
Can we find out the root cause of firewall reboot without syslog or console log message?
Failover messages:
If we see the “show failover history” output on secondary ASA5550 firewall
we get the following log:
==========================================================================
From State To State Reason
==========================================================================
00:23:07 IST Dec 23 2009
Standby Ready Just Active HELLO not heard from mate
00:23:08 IST Dec 23 2009
Just Active Active Drain HELLO not heard from mate
00:23:08 IST Dec 23 2009
Active Drain Active Applying Config HELLO not heard from mate
00:23:08 IST Dec 23 2009
Active Applying Config Active Config Applied HELLO not heard from mate
00:23:08 IST Dec 23 2009
Active Config Applied Active HELLO not heard from mate
-------------------------------------------------------------------------------------------------------------------
If we see the “show failover history” output on Primary ASA5550 firewall at 00:23:07
IST Dec 23 2009 there is no log available.
On Primary failover log is available on 00:25:25 IST Dec 23 2009 (After Secondary became Active).
==========================================================================
From State To State Reason
==========================================================================
00:25:25 IST Dec 23 2009
Not Detected Negotiation No Error
00:25:32 IST Dec 23 2009
Negotiation Cold Standby Detected an Active mate
00:25:34 IST Dec 23 2009
Cold Standby Sync Config Detected an Active mate
00:25:46 IST Dec 23 2009
Sync Config Sync File System Detected an Active mate
00:25:46 IST Dec 23 2009
Sync File System Bulk Sync Detected an Active mate
00:25:50 IST Dec 23 2009
Bulk Sync Standby Ready Detected an Active mate
Please help me.
Thanks in advance.
Cheers!!!!!!!!
Vivekanand V
12-31-2009 03:55 AM
Hello Vivekanand,
Are the ASAs directly connected for the LAN failover or connected to a switch port?
Also what is the software version?
12-31-2009 12:29 PM
Vivekanand,
Pls. see if the unit shows any output for "sh crash". If so, pls. open a TAC case and provide them the crash info. along with a sh tech and we will be able to decode the crash and let you know if you are running into an already known issue and suggest a code upgrade accordingly.
If this is a new crash then, we would file a defect to address this.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide