Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1763
Views
0
Helpful
5
Replies

Cisco ASA Failover after reload primary unit Failed

Go to solution
sun_sazanov
Level 1
Level 1

‎03-22-2016 02:06 AM - edited ‎03-12-2019 12:31 AM

Hello.

I have configure ASA Failover.

failover
failover lan unit secondary
failover lan interface FAILOVER Port-channel2
failover link FAILOVER Port-channel2
failover interface ip FAILOVER 172.16.31.249 255.255.255.248 standby 172.16.31.250

!

interface GigabitEthernet0/4
channel-group 2 mode on
!
interface GigabitEthernet0/5
channel-group 2 mode on
!

After reload primary Unit i type "show failover"

MIRAN-ASA5515-1# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: FAILOVER Port-channel2 (Failed - No Switchover)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 114 maximum
Version: Ours 9.1(6)11, Mate 9.1(6)11
Last Failover at: 00:34:39 MSK Mar 18 2016
This host: Secondary - Active
Active time: 386917 (sec)
slot 0: ASA5515 hw/sw rev (1.0/9.1(6)11) status (Up Sys)
Interface management (0.0.0.0): No Link (Not-Monitored)
Interface MANAGE (10.0.0.4): Normal (Not-Monitored)
Interface OUTSIDE (195.19.208.250): Normal (Waiting)
Interface DMZ (195.19.208.242): Normal (Waiting)
Interface INSIDE (172.28.4.2): Normal (Waiting)
Interface IPSEC (172.28.5.2): Normal (Not-Monitored)
Other host: Primary - Failed
Active time: 436 (sec)
slot 0: ASA5515 hw/sw rev (1.0/9.1(6)11) status (Unknown/Unknown)
Interface management (0.0.0.0): Unknown (Not-Monitored)
Interface MANAGE (10.0.0.5): Unknown (Not-Monitored)
Interface OUTSIDE (195.19.208.252): Unknown (Monitored)
Interface DMZ (195.19.208.243): Unknown (Monitored)
Interface INSIDE (172.28.4.3): Unknown (Monitored)
Interface IPSEC (172.28.5.3): Unknown (Not-Monitored)

And i can not connect to primary Unit.

How can I fix this?

Best regards,

Slava

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to sun_sazanov

‎03-22-2016 02:25 AM

Hi,

In that case please reload the primary ASA and then check.

Regards,

Aditya

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎03-22-2016 02:14 AM

Hi,

It can be an issue with the failover link between the ASA's.

Are you able to ping the failover IP's from the respective ASA's.

On the primary ASA can you share the show crash and show blocks output ?

Regards,

Aditya

Please rate helpful posts.

0 Helpful

Go to solution
sun_sazanov
Level 1
Level 1
In response to Aditya Ganjoo

‎03-22-2016 02:21 AM

Hi.

Primary asa don't answer on ping.

MIRAN-ASA5515-1# show failover interface
interface FAILOVER Port-channel2
System IP Address: 172.16.31.249 255.255.255.248
My IP Address : 172.16.31.250
Other IP Address : 172.16.31.249
MIRAN-ASA5515-1# ping
MIRAN-ASA5515-1# ping 172.16.31.249
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.31.249, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

I don't can connect to primary unit.

Slava

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to sun_sazanov

‎03-22-2016 02:25 AM

Hi,

In that case please reload the primary ASA and then check.

Regards,

Aditya

0 Helpful

Go to solution
sun_sazanov
Level 1
Level 1
In response to Aditya Ganjoo

‎03-23-2016 12:40 AM

After reload all works. 

Thanks for you help.

Slava

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to sun_sazanov

‎03-23-2016 12:45 AM

Hi Slava,

Glad it resolved the issue.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card