i'm currently facing a problem on a ASA5520 pair configured in active/passive stateful mode that keep failover to standby unit for comm failure reason.
the 2 ASA have a SSM 4GE and are connected thru the g0/3 onboard interface directly, first with a regular cable and now with a Xover cable.
here is the failover configuration (standby)
failover lan unit secondary
failover lan interface FailOver GigabitEthernet0/3
failover polltime unit msec 200 holdtime 30
failover polltime interface 15 holdtime 75
failover interface-policy 2
failover replication http
failover link FailOver GigabitEthernet0/3
failover interface ip FailOver 22.214.171.124 255.255.255.252 standby 126.96.36.199
the interface is showed as "up" and i can ping the mate IP without any issue but the failover status gives me a host "failed".
i've rebooted manually the primary unit and the failover gets back to normal for 2-3 days and drops off again
i haven't any logs as the syslog collector isn't deployed yet and this failover happen randomly, i still can see TCP and general recieve errors hapening (20-30).
i have also checked the counter on the interface itself without any errors showing up.
i may probably missed something or looking in the wrong place but i'm clueless on the reseon why this failover doesn't work as intended.
i'll appreciate any input on this issue or guidance gladly !!
thanks in advance
Can you check the failover history on the secondary box and what is th reason for the last failure. By the way, is the management port for both are connected to the switch ?
thanks for answering to this,
reason for failover is "HELLO not heard from mate".
the management port is not in use and shutdown, by the way i just realized that i was pinging the wrong IP address 188.8.131.52 instead of 184.108.40.206.
no reply on this address so far.
thanks for your advices.
Hmm looks like some communication issue between these two.. also try to remove the command
failover link FailOver GigabitEthernet0/3 and try again..
tested this also without any proper results, i'll try to update from version 8.4(2)to 8.4(6).
a local reseller contacted me on this purpose as he did have the same issue on another appliance and the upgrade did fix the drop of the failover .
i'll post result in here asap.
thanks for your help
After upgradation if it happns again , try using another port for failover. as you have mentioned you are not using Management port, use it. i hope this works.
Capture packets of failover ports to check out the issue.
the uoplift of ASA version to 8.4(6) seemed to have solved the issue, at the same time i had some feedback on the behavior of the ASA in failover process.
the monitored interface needs to be addressed in standby as active in order to increase stability (the provider of my equipement had a similar issue and noted that having a monitored interface addressed solved some issue with failover)
thanks for your assistance
subject can be closed
As you have stated, the monitored interface needs to be addressed in standby as active in order to increase stability.
So it would be helpful for the forum if you state the command line that has been added.