cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1362
Views
0
Helpful
6
Replies

FAILOVER ISSUE

csco11522833
Level 1
Level 1

we have two ASA in multicontext mode.  When I connect to primary after few min it got disconnect when I try to login again it login to secondary device. 

 

13:31:11 GMT/BDT May 9 2018
Standby Ready Failed Interface check

13:31:24 GMT/BDT May 9 2018
Failed Standby Ready Interface check

02:37:38 GMT/BDT May 16 2018
Standby Ready Just Active HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Just Active Active Drain HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Active Drain Active Applying Config HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Active Applying Config Active Config Applied HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Active Config Applied Active HELLO not heard from mate

==========================================================================
SLP2PVPN01/sec/act#

1 Accepted Solution

Accepted Solutions

issue has been resolved

1 I have changed the cable from firewall to switch

2 restart the device

 

View solution in original post

6 Replies 6

mattjones03
Level 1
Level 1

Hi,

 

My assumption without seeing the configuration is that one of your monitored interfaces is unstable. This would prompt a failed interface check, thus causing a firewall failover.

 

If you issue the command; ‘sh failover stat’ this will provide a bit more context as to which interface caused the failover event.

 

Are any other context showing the same behaviour?

failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover key *****
failover replication http
failover link state GigabitEthernet0/2
failover interface ip failover 1.1.2.1 255.255.255.252 standby 1.1.2.2
failover interface ip state 1.1.1.1 255.255.255.252 standby 1.1.1.2

Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/3 (Failed - No Switchover)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 1049 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.7(1)4, Mate 9.7(1)4
Serial Number: Ours abc, Mate xyz
Last Failover at: 02:37:38 GMT/BDT May 16 2018
This host: Secondary - Active
Active time: 435103 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (4.0/9.7(1)4) status (Up Sys)
admin Interface management (10.255.3.1): Normal (Waiting)
TP-vpn Interface outside (40.1.1.1): Normal (Waiting)
TP-vpn Interface inside (10.255.4.1): Normal (Waiting)
L4-vpn Interface inside (10.255.3.1): Unknown (Waiting)
L4-vpn Interface outside (50.1.1.1): Normal (Waiting)
slot 1: empty
slot 1: empty
Other host: Primary - Failed
Active time: 13960072 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (2.2/9.7(1)4) status (Up Sys)
admin Interface management (10.255.3.2): Unknown (Monitored)
TP-vpn Interface outside (40.1.1.2): Unknown (Monitored)
TP-vpn Interface inside (10.255.4.2): Unknown (Monitored)
L4-vpn Interface inside (10.255.3.2): Unknown (Monitored)
L4-vpn Interface outside (50.1.1.2): Unknown (Monitored)
slot 1: empty
slot 1: empty

 sh failover state

State Last Failure Reason Date/Time
This host - Secondary
Active Ifc Failure 13:31:11 GMT/BDT May 9 2018
TP-vpn inside: Failed
L4-vpn inside: Failed
Other host - Primary
Failed Comm Failure 02:37:38 GMT/BDT May 16 2018

====Configuration State===
Sync Done - STANDBY
====Communication State===

 

issue has been resolved

1 I have changed the cable from firewall to switch

2 restart the device

 

Hi,

 

Unstable monitored interface then?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: