Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
0
Helpful
8
Replies

Failover 5550

adamgibs7
Level 6
Level 6

‎03-05-2011 11:25 AM - edited ‎03-11-2019 01:01 PM

Hello,

Here are the configs for failover:

PRIMARY

failover lan unit primary
failover lan interface failover GigabitEthernet0/3
failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2
failover link failover GigabitEthernet0/3
failover

SECONDARY

failover lan interface failover GigabitEthernet0/3
failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2
failover lan unit secondary
failover

  • In the above configs is it i m missing something for failover????
  • when i shut the INSIDE interface of Secondary ASA I get the below output, It shows me secondary failed and primary Active, WHY it is showing me FAILED instead of STANDBY/READY.  What i know about firewall failover is when active goes down the other becomes standby unit but in this scenario it is showing me FAILED,

FW0001(config)# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 8.2(1), Mate 8.2(1)
Last Failover at: 06:42:51 UTC Mar 5 2011
        This host: Secondary - Failed
                Active time: 3 (sec)
                slot 0: ASA5550 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface outside (88.22.22.22): Normal
                  Interface management (0.0.0.0): No Link (Waiting)
                  Interface inside (10.30.250.3): Failed (Waiting)
                  Interface DMZ (10.30.1.30): Normal
                slot 1: ASA-SSM-4GE-INC hw/sw rev (1.0/1.0(0)10) status (Up)
        Other host: Primary - Active
                Active time: 572 (sec)
                slot 0: ASA5550 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface outside (88.22.22.22): Normal
                  Interface management (192.168.1.1): No Link (Waiting)
                  Interface inside (10.30.250.1): Normal (Waiting)
                  Interface DMZ (10.30.1.1): Normal
                slot 1: ASA-SSM-4GE-INC hw/sw rev (1.0/1.0(0)10) status (Up)
             
Stateful Failover Logical Update Statistics
        Link : failover GigabitEthernet0/3 (up)    

  •    When i do write standby on active firewall the FAILED word vanishes  and Standby/READY  comes just see the output below.

FW0001(config)# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 8.2(1), Mate 8.2(1)
Last Failover at: 19:00:58 UTC Mar 5 2011
        This host: Primary - Active
                Active time: 828 (sec)
                slot 0: ASA5550 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface outside (88.22.22.21): Normal
                  Interface management (192.168.1.1): No Link (Waiting)
                  Interface inside (10.30.250.1): Normal (Waiting)
                  Interface DMZ (10.30.1.1): Normal
                slot 1: ASA-SSM-4GE-INC hw/sw rev (1.0/1.0(0)10) status (Up)
        Other host: Secondary - Standby Ready
                Active time: 413 (sec)
                slot 0: ASA5550 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface outside (88.22.22.22: Normal (Waiting)
                  Interface management (0.0.0.0): No Link (Waiting)
                  Interface inside (10.30.250.3): Normal (Waiting)
                  Interface DMZ (10.30.1.30): Normal (Waiting)
                slot 1: ASA-SSM-4GE-INC hw/sw rev (1.0/1.0(0)10) status (Up)

Labels:
0 Helpful
8 Replies 8

PAUL GILBERT ARIAS
Level 5
Level 5

‎03-05-2011 12:56 PM

Check this link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

I think you missed a line.

Sent from Cisco Technical Support iPhone App

0 Helpful

PAUL GILBERT ARIAS
Level 5
Level 5

‎03-05-2011 01:12 PM

Add the following line on the secondary unit

failover link failover GigabitEthernet0/3

Sent from Cisco Technical Support iPhone App

0 Helpful

adamgibs7
Level 6
Level 6
In response to PAUL GILBERT ARIAS

‎03-06-2011 05:15 AM

Hello Paul,

The command failover link failover GigabitEthernet0/3 is already present i forgot to add in the thread.

Thanks

0 Helpful

PAUL GILBERT ARIAS
Level 5
Level 5
In response to adamgibs7

‎03-06-2011 07:05 AM

on the secondary unit can you try a "failover reset" when being standby?

0 Helpful

adamgibs7
Level 6
Level 6
In response to PAUL GILBERT ARIAS

‎03-06-2011 07:42 AM

Hello Paul,

on the secondary unit can you try a "failover reset" when being standby?

what this command will do exactly ?? I will apply tomorrow.

Question:

whenever i reboot my primary ASA standby becomes active but when primary comes up it takes the active role, this is WHY, I remember once i have applied a failover active command on primary thats the reason it is always comes in active.

IF failover active is the reason  THEN

when i execute a command failover active on the standby firewall, it should be active always ??? but it does'nt happpens it comes active for a while and it comes back to standby.

Thanks.

0 Helpful

PAUL GILBERT ARIAS
Level 5
Level 5
In response to adamgibs7

‎03-06-2011 12:24 PM

failover reset will basically restore a failed appliance:

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/ef.html#wp1931480

If you reboot the primary active unit it should make the secondary unit active and when the primary unit comes back up it should stay as the standby unit.

The important thing here is to have the secondary unit showing standby ready.

0 Helpful

adamgibs7
Level 6
Level 6
In response to PAUL GILBERT ARIAS

‎03-06-2011 12:41 PM

Hello Paul,

If you reboot the primary active unit it should make the secondary unit  active and when the primary unit comes back up it should stay as the  standby unit.

The above what you wrote is not happening with me.

The important thing here is to have the secondary unit showing standby ready.

yes, Where i m missing,

I have connected a failover interface directly from primary to secondary there is no switch in between.

After applying failover active command on standby it becomes active for a while and then again it goes to standby????? WHY

0 Helpful

PAUL GILBERT ARIAS
Level 5
Level 5
In response to adamgibs7

‎03-06-2011 12:46 PM

One question. If your primary unit is active it remains active, right?

I might sound extreme but have you tried erasing the config from the secondary unit and then just add the failover commands?

That might help.

Are you getting logs showing possible failover issues?

Have you enabled failover debugs?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card