Solved: Re: Connectivity test from this device to the peer device failed. - Page 2

HectorNazarenoVasquezMoran2564 · ‎01-18-2021

Hi good morning.

I am trying to configure fail over in ASA, I have two ASAs with the same OS and the same model.

I have assigned the ips address for each interface.

All tests are passed(See screenshot) except for the second that failed.

How canI debug this error or how can solve that?

I run the command clear configuration failover but the result was the same, the same error.

Can you help me?

MHM Cisco World · ‎01-20-2021

..

MHM Cisco World · ‎01-28-2021

The issue is from scsp port 105 is deny in inside outside interface making both asa can not exchange the hello message.

Open this port in policy and see result.

HectorNazarenoVasquezMoran2564 · ‎01-28-2021

Can you tell me where I need to open this port? I am newly with this configuration, is required to create an ACL or where I need to open ?

Please help.

Marius Gunnerud · ‎01-28-2021

What hardware type do you have for FW1?

what hardware type do you have for FW2?

What software version is FW1 running?

What software version is FW2 running?

How are you connecting the firewall interfaces Gig1/7 and Gig1/8 together (through a directly connected link or through a switch?

--
Please remember to select a correct answer and rate helpful posts

HectorNazarenoVasquezMoran2564 · ‎01-29-2021

Both ASAs are 5516 and are running 9.14 OS.

All interfaces are connected trough a switch except the failover and statelink these are connected with a directed link.

MHM Cisco World · ‎01-29-2021

I deep investigated this protocol 105 is enable by default,

But it lead me to one important thing,

Show interface in both asa,

Check the mac address for each monitor interface I suspect that the both asa use same virtual mac address.

So please check, if the mac address is same in any interface please config mac manully.