Solved: FAILOVER ISSUE

csco11522833 · ‎05-20-2018

we have two ASA in multicontext mode. When I connect to primary after few min it got disconnect when I try to login again it login to secondary device.

13:31:11 GMT/BDT May 9 2018
Standby Ready Failed Interface check

13:31:24 GMT/BDT May 9 2018
Failed Standby Ready Interface check

02:37:38 GMT/BDT May 16 2018
Standby Ready Just Active HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Just Active Active Drain HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Active Drain Active Applying Config HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Active Applying Config Active Config Applied HELLO not heard from mate

02:37:38 GMT/BDT May 16 2018
Active Config Applied Active HELLO not heard from mate

==========================================================================
SLP2PVPN01/sec/act#

csco11522833 · ‎05-21-2018

issue has been resolved

1 I have changed the cable from firewall to switch

2 restart the device

View solution in original post

mattjones03 · ‎05-20-2018

Hi,

My assumption without seeing the configuration is that one of your monitored interfaces is unstable. This would prompt a failed interface check, thus causing a firewall failover.

If you issue the command; ‘sh failover stat’ this will provide a bit more context as to which interface caused the failover event.

Are any other context showing the same behaviour?

csco11522833 · ‎05-20-2018

failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover key *****
failover replication http
failover link state GigabitEthernet0/2
failover interface ip failover 1.1.2.1 255.255.255.252 standby 1.1.2.2
failover interface ip state 1.1.1.1 255.255.255.252 standby 1.1.1.2

csco11522833 · ‎05-20-2018

Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/3 (Failed - No Switchover)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 1049 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.7(1)4, Mate 9.7(1)4
Serial Number: Ours abc, Mate xyz
Last Failover at: 02:37:38 GMT/BDT May 16 2018
This host: Secondary - Active
Active time: 435103 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (4.0/9.7(1)4) status (Up Sys)
admin Interface management (10.255.3.1): Normal (Waiting)
TP-vpn Interface outside (40.1.1.1): Normal (Waiting)
TP-vpn Interface inside (10.255.4.1): Normal (Waiting)
L4-vpn Interface inside (10.255.3.1): Unknown (Waiting)
L4-vpn Interface outside (50.1.1.1): Normal (Waiting)
slot 1: empty
slot 1: empty
Other host: Primary - Failed
Active time: 13960072 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (2.2/9.7(1)4) status (Up Sys)
admin Interface management (10.255.3.2): Unknown (Monitored)
TP-vpn Interface outside (40.1.1.2): Unknown (Monitored)
TP-vpn Interface inside (10.255.4.2): Unknown (Monitored)
L4-vpn Interface inside (10.255.3.2): Unknown (Monitored)
L4-vpn Interface outside (50.1.1.2): Unknown (Monitored)
slot 1: empty
slot 1: empty

csco11522833 · ‎05-20-2018

sh failover state

State Last Failure Reason Date/Time
This host - Secondary
Active Ifc Failure 13:31:11 GMT/BDT May 9 2018
TP-vpn inside: Failed
L4-vpn inside: Failed
Other host - Primary
Failed Comm Failure 02:37:38 GMT/BDT May 16 2018

====Configuration State===
Sync Done - STANDBY
====Communication State===

csco11522833 · ‎05-21-2018

issue has been resolved

1 I have changed the cable from firewall to switch

2 restart the device

mattjones03 · ‎05-21-2018

Hi,

Unstable monitored interface then?