Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1540
Views
0
Helpful
3
Replies

Cisco ASA 5508-X Failover issue

abhinav2938
Level 1
Level 1

‎11-22-2019 09:25 AM

Hello all,

 

I was trying to upgrade to the latest Anyconnect version on the ASA pair. I successfully did that, to both of them but in the process, the Primary active FW became as Secondary active to make it back to Primary active I gave the command: " failover lan unit primary". This made it from Secondary active to Primary active. However, the previous Primary standby got disconnected and I am not able to connect to it. I am also not able to console the FW through opengear. The FW is located somewhere else, I am planning to tell someone at that site to physically reboot it? I guess once it comes back it will go back to being Secondary standby. Please suggest whether that's the right way or is there any other options. Thanks in advance.

 

sh failover output:

 

 

Failover On
Failover unit Primary
Failover LAN Interface: folink GigabitEthernet1/8 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 60 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.9(2), Mate 9.9(2)

Last Failover at: 17:32:53 UTC Nov 20 2019


This host: Primary - Active
Active time: 171662 (sec)
slot 1: ASA5508 hw/sw rev (3.1/9.9(2)) status (Up Sys)
Interface outsidePtera (69.28.35.209): Normal (Waiting)
Interface ousideISP2 (0.0.0.0): Normal (Waiting)
Interface inside (172.16.32.78): Normal (Waiting)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)


Other host: Secondary - Failed
Active time: 5101867 (sec)
slot 1: ASA5508 hw/sw rev (3.1/9.9(2)) status (Unknown/Unknown)
Interface outsidePtera (69.28.35.210): Unknown (Monitored)
Interface ousideISP2 (0.0.0.0): Unknown (Waiting)
Interface inside (172.16.32.77): Unknown (Monitored)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Unknown/Unknown)
ASA FirePOWER, 6.2.2-81, Unknown, (Monitored)
slot 2: SFR5508 hw/sw rev (N/A/6.2.2-81) status (Unknown/Unknown)
ASA FirePOWER, 6.2.2-81, Unknown, (Monitored)

 

#ciscoASA #ASA #failover

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎11-22-2019 02:38 PM

Technically as per your information this Primary - Failover unit Primary and This host: Primary - Active

 

if you hard reboot other ASA, that will become standby since primary already active here.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

abhinav2938
Level 1
Level 1
In response to balaji.bandi

‎11-22-2019 03:02 PM

Ok, just wanted to confirm. I guess the hard reboot is the only option. Will the hard reboot should impact the primary active unit? Also, will the hard reboot cause to lose the configuration on the secondary?
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to abhinav2938

‎11-22-2019 03:12 PM

hard boot does not impact the Primary at all,  even the secondary lose the configuration this will not impact on the primary.

 

If you are more cautious you can do the below steps :

 

1. Take a backup configuration.

2. at remote end connect console cable and take team viewer control to look the boot process.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card