Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
626
Views
1
Helpful
4
Replies

ASAv VMware host network interface requirements

Garry Cooper
Level 1
Level 1

‎11-29-2023 03:20 AM

We have a pair of ASAv in HA running on vmware. there was an issue with the primary so we flipped it over to secondary, but there was issues with the anyconnect clients connecting.
The clients were connected but with no connectivity to local resources.
We rebooted the primary and I watched the boot process, but there was showing errors so we made the decision to build a new asav and bring it back into HA.
This was completed fine. but when we failed it back to primary we had the same issue with clients being connected but no resources no available..

ASAv version 9.18(3)53
Vmware version 7.0.3

The Vmware Hosts are dual linked across two nexus9k 93108 switches, these are not setup with etherchannel but relying on the vmware hosts managing the arp entries.
What are the requirements for Vmware host and dual interfaces

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎11-29-2023 03:28 AM

Looks for me the Failover IP moved from new active device - but some where in the network the ARP still pointing to old device - so the routing failing.

check some guide lines : (settings required on the VMWARE and ASA)

https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/asav/quick-start-book/asav-910-qsg/asav_vmware.html

can you draw small diagram how that network looks like ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Garry Cooper
Level 1
Level 1

‎11-29-2023 05:28 AM

Thanks for the reply see attached network diagram

Preview file
66 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Garry Cooper

‎11-29-2023 09:54 AM

thank you, that shows  only 1 connection,  does not show sync and in and out interface, they are all in 1 interface (sub interface ?)

some configuration of ASA also help with show failover information.

have you checked the settings i posted before on esxi. (on esxi what switch you using vswitch or dswitch? )

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Garry Cooper
Level 1
Level 1

‎11-29-2023 11:57 PM - edited ‎11-29-2023 11:58 PM

Balaji.

Thanks for the reply. I have updated the diagram.  see attached.

Also here is the config but just to understand the primary is turned off because of the issues but before the issue failover was working .

ncc-anyconnect# sh run | inc failover
failover
failover lan unit secondary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 192.168.1.1 255.255.255.252 standby 192.168.1.2
no failover wait-disable
ncc-anyconnect# sh fail
ncc-anyconnect# sh failover state

State Last Failure Reason Date/Time
This host - Secondary
Active None
Other host - Primary
Failed Comm Failure 09:28:00 GMT/BST Nov 29 2023

====Configuration State===
====Communication State===

Preview file
57 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card