Failover ASA 5580 Unsync with Active

salman-ahmad · ‎02-20-2012

Hi,

I have encountered a problem in one of customer that the Active ASA 5580 is unable to sync with Standby Failover ASA. When Active is connected with FO and push the configs to it will not find the ethernet/Gig interfaces due to which the all the configuration were not applied and when the primary ASA the secondary is unable to respond.

When i attached console with the Standby ASA i have seen this error.

Number of interfaces on Active and Standby are not consistent.If the problem persists, you should disable and re-enable failover

on the Standby.

For detail undestanding i am attaching the configs of primary and standby ASA. The KHI-DR-ASA-BB-01 is the standyby firewall.

Do let me know for any furhter clarification and understanding.

Thanks & Regards,

Salman Ahmed

mirober2 · ‎02-29-2012

Hi Salman,

The error message you see is correct. Since the Secondary ASA does not have the Gig3/0 - 3/3 interfaces, it cannot be part of the failover pair (it would not be able to pass traffic if the Primary ASA failed).

Double check the Secondary ASA and make sure the interface card in slot 3 is installed correctly. If you suspect a hardware failure, please open a TAC case to have it investigated.

-Mike

haivrajesh · ‎02-29-2012

Hi Salman,

I understand you have assigned management0/1 as failover interface.this case you have to remove management only on m0/1 interface on both firewall.

Regards

Rajeswar