01-18-2021 07:55 AM
Hi good morning.
I am trying to configure fail over in ASA, I have two ASAs with the same OS and the same model.
I have assigned the ips address for each interface.
All tests are passed(See screenshot) except for the second that failed.
How canI debug this error or how can solve that?
I run the command clear configuration failover but the result was the same, the same error.
Can you help me?
Solved! Go to Solution.
01-20-2021 05:02 AM - edited 01-28-2021 09:02 PM
..
01-28-2021 09:08 PM
The issue is from scsp port 105 is deny in inside outside interface making both asa can not exchange the hello message.
Open this port in policy and see result.
01-28-2021 11:04 PM
Can you tell me where I need to open this port? I am newly with this configuration, is required to create an ACL or where I need to open ?
Please help.
01-28-2021 11:55 PM
What hardware type do you have for FW1?
what hardware type do you have for FW2?
What software version is FW1 running?
What software version is FW2 running?
How are you connecting the firewall interfaces Gig1/7 and Gig1/8 together (through a directly connected link or through a switch?
01-29-2021 07:31 AM
Both ASAs are 5516 and are running 9.14 OS.
All interfaces are connected trough a switch except the failover and statelink these are connected with a directed link.
01-29-2021 05:27 AM - edited 01-29-2021 06:34 AM
I deep investigated this protocol 105 is enable by default,
But it lead me to one important thing,
Show interface in both asa,
Check the mac address for each monitor interface I suspect that the both asa use same virtual mac address.
So please check, if the mac address is same in any interface please config mac manully.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide