Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
2
Replies

Cisco ASA Firmwareupdate and Failover Problems

benjamin.rickert11
Level 1
Level 1

‎02-26-2016 12:09 AM - edited ‎03-12-2019 12:24 AM

Hello people

I would appreciate if someone could have a look at my problem.

We are currently running two ASA 5510 in an active/standby configuration. And today somewhat strange happened.

Running firmware 841-11-k8 - planned to upgrade to 847-30-k8 because of CVE-2016-1287.

I planned to upgrade firmware on them. I've Uploaded the new firmware to the main, seit it to boot and THOUGHT I had done the same to the second unit and saved the config. I then noticed that I cant access the second unit and became aware of my mistake. Failover showed Primary as active and seconday as failed.

So I've conncted via console to the second unit and cleaned up my mess with the boot configuration. The device was then reloaded. Shortly after I reset the failover. Second unit saw the primary again and replicated config. Failover state on the primary stated Primary active - Secondary Standby, everything worked fine again.

The whole night the cluster worked well until 07:00 AM this morning. The primary was again in failover state, seconday failed. LED on secondary stated that it was active! Internet access wasnt working, production VPN's on the primary was also down... Kind of a little desaster for a friday morning. As it was already pretty busy I powered off the secondary and reloaded the primary unit. Everythings fine again. Except the fact that Im still running the old firmware and the failover seems to be broken.

As I've reloaded both unites I guess the log files are lost and I've had no chance to investigate. Im a bit uncertain about setting the failover back up because it was running the whole night and just in the morning it blew up everything - for no obvious reason. So my question is: have you any idea what could have happened? Which further information am I able to provide you so that you can help me?

Advice would be very appreciated!

Ben

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-27-2016 05:33 AM

The command

show failover history

...will tell you what the units' cause for doing failover was. It's independent of the logging buffer so the history should still be there.

0 Helpful

benjamin.rickert11
Level 1
Level 1
In response to Marvin Rhoads

‎02-29-2016 07:43 AM

Thank you for your reply. Unfortunately the history is completely empty. I also wonder why the failover event caused the whole internet connection to break rendering both asa's useless until one was powered off.

My read is I have to set it up again to figure out what happened. Unsatisfying.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card