11-29-2023 03:20 AM
We have a pair of ASAv in HA running on VMware. There was an issue with the primary, so we flipped it over to the secondary, but there were issues with the AnyConnect clients connecting.
The clients were connected but with no connectivity to local resources.
We rebooted the primary and I watched the boot process, but it was showing errors, so we made the decision to build a new ASAv and bring it back into HA.
This was completed fine, but when we failed it back to the primary we had the same issue, with clients being connected but no resources available.
ASAv version 9.18(3)53
VMware version 7.0.3
The VMware hosts are dual-linked across two Nexus 9k 93108 switches. These are not set up with EtherChannel but rely on the VMware hosts managing the ARP entries.
What are the requirements for the VMware host and dual interfaces?
11-29-2023 03:28 AM
It looks to me like the failover IP moved from the new active device, but somewhere in the network the ARP is still pointing to the old device, so the routing is failing.
Check some guidelines (settings required on VMware and the ASA):
Can you draw a small diagram of how that network looks?
11-29-2023 05:28 AM
11-29-2023 09:54 AM
Thank you. That shows only 1 connection; it does not show the sync and in and out interfaces, they are all in 1 interface (sub-interface?).
Some configuration of the ASA would also help, with show failover information.
Have you checked the settings I posted before on ESXi? (On ESXi, what switch are you using, vSwitch or dSwitch?)
11-29-2023 11:57 PM - edited 11-29-2023 11:58 PM
Balaji.
Thanks for the reply. I have updated the diagram. See attached.
Also, here is the config. Just so you understand, the primary is turned off because of the issues, but before the issue failover was working.
ncc-anyconnect# sh run | inc failover
failover
failover lan unit secondary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 192.168.1.1 255.255.255.252 standby 192.168.1.2
no failover wait-disable
ncc-anyconnect# sh fail
ncc-anyconnect# sh failover state
               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Active         None
Other host -   Primary
               Failed         Comm Failure             09:28:00 GMT/BST Nov 29 2023
====Configuration State===
====Communication State===