05-20-2018 11:29 AM - edited 02-21-2020 07:47 AM
we have two ASA in multicontext mode. When I connect to primary after few min it got disconnect when I try to login again it login to secondary device.
13:31:11 GMT/BDT May 9 2018
Standby Ready Failed Interface check
13:31:24 GMT/BDT May 9 2018
Failed Standby Ready Interface check
02:37:38 GMT/BDT May 16 2018
Standby Ready Just Active HELLO not heard from mate
02:37:38 GMT/BDT May 16 2018
Just Active Active Drain HELLO not heard from mate
02:37:38 GMT/BDT May 16 2018
Active Drain Active Applying Config HELLO not heard from mate
02:37:38 GMT/BDT May 16 2018
Active Applying Config Active Config Applied HELLO not heard from mate
02:37:38 GMT/BDT May 16 2018
Active Config Applied Active HELLO not heard from mate
==========================================================================
SLP2PVPN01/sec/act#
Solved! Go to Solution.
05-21-2018 09:59 AM
issue has been resolved
1 I have changed the cable from firewall to switch
2 restart the device
05-20-2018 02:45 PM
Hi,
My assumption without seeing the configuration is that one of your monitored interfaces is unstable. This would prompt a failed interface check, thus causing a firewall failover.
If you issue the command; ‘sh failover stat’ this will provide a bit more context as to which interface caused the failover event.
Are any other context showing the same behaviour?
05-20-2018 07:29 PM - edited 05-20-2018 07:29 PM
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover key *****
failover replication http
failover link state GigabitEthernet0/2
failover interface ip failover 1.1.2.1 255.255.255.252 standby 1.1.2.2
failover interface ip state 1.1.1.1 255.255.255.252 standby 1.1.1.2
05-20-2018 07:31 PM - edited 05-20-2018 07:34 PM
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/3 (Failed - No Switchover)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 1049 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.7(1)4, Mate 9.7(1)4
Serial Number: Ours abc, Mate xyz
Last Failover at: 02:37:38 GMT/BDT May 16 2018
This host: Secondary - Active
Active time: 435103 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (4.0/9.7(1)4) status (Up Sys)
admin Interface management (10.255.3.1): Normal (Waiting)
TP-vpn Interface outside (40.1.1.1): Normal (Waiting)
TP-vpn Interface inside (10.255.4.1): Normal (Waiting)
L4-vpn Interface inside (10.255.3.1): Unknown (Waiting)
L4-vpn Interface outside (50.1.1.1): Normal (Waiting)
slot 1: empty
slot 1: empty
Other host: Primary - Failed
Active time: 13960072 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (2.2/9.7(1)4) status (Up Sys)
admin Interface management (10.255.3.2): Unknown (Monitored)
TP-vpn Interface outside (40.1.1.2): Unknown (Monitored)
TP-vpn Interface inside (10.255.4.2): Unknown (Monitored)
L4-vpn Interface inside (10.255.3.2): Unknown (Monitored)
L4-vpn Interface outside (50.1.1.2): Unknown (Monitored)
slot 1: empty
slot 1: empty
05-20-2018 08:12 PM - edited 05-20-2018 08:25 PM
sh failover state
State Last Failure Reason Date/Time
This host - Secondary
Active Ifc Failure 13:31:11 GMT/BDT May 9 2018
TP-vpn inside: Failed
L4-vpn inside: Failed
Other host - Primary
Failed Comm Failure 02:37:38 GMT/BDT May 16 2018
====Configuration State===
Sync Done - STANDBY
====Communication State===
05-21-2018 09:59 AM
issue has been resolved
1 I have changed the cable from firewall to switch
2 restart the device
05-21-2018 11:05 AM
Hi,
Unstable monitored interface then?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: