failover on ASA5520 v8.4

Euan Jouve · ‎06-25-2013

hi everyone,

i'm currently facing a problem on a ASA5520 pair configured in active/passive stateful mode that keep failover to standby unit for comm failure reason.

the 2 ASA have a SSM 4GE and are connected thru the g0/3 onboard interface directly, first with a regular cable and now with a Xover cable.

here is the failover configuration (standby)

failover

failover lan unit secondary

failover lan interface FailOver GigabitEthernet0/3

failover polltime unit msec 200 holdtime 30

failover polltime interface 15 holdtime 75

failover interface-policy 2

failover replication http

failover link FailOver GigabitEthernet0/3

failover interface ip FailOver 2.2.2.1 255.255.255.252 standby 2.2.2.2

the interface is showed as "up" and i can ping the mate IP without any issue but the failover status gives me a host "failed".

i've rebooted manually the primary unit and the failover gets back to normal for 2-3 days and drops off again

i haven't any logs as the syslog collector isn't deployed yet and this failover happen randomly, i still can see TCP and general recieve errors hapening (20-30).

i have also checked the counter on the interface itself without any errors showing up.

i may probably missed something or looking in the wrong place but i'm clueless on the reseon why this failover doesn't work as intended.

i'll appreciate any input on this issue or guidance gladly !!

thanks in advance

Euan

Harish Balakrishnan · ‎06-25-2013

Hello Euan,

Can you check the failover history on the secondary box and what is th reason for the last failure. By the way, is the management port for both are connected to the switch ?

regards

Harsh,

Euan Jouve · ‎06-26-2013

Hi Harsh,

thanks for answering to this,

reason for failover is "HELLO not heard from mate".

the management port is not in use and shutdown, by the way i just realized that i was pinging the wrong IP address 2.2.2.2 instead of 2.2.2.1.

no reply on this address so far.

thanks for your advices.

Euan

Harish Balakrishnan · ‎06-27-2013

Hello Euan,

Hmm looks like some communication issue between these two.. also try to remove the command

failover link FailOver GigabitEthernet0/3 and try again..

regards

Harish.

Euan Jouve · ‎07-02-2013

Hi Harsh,

tested this also without any proper results, i'll try to update from version 8.4(2)to 8.4(6).

a local reseller contacted me on this purpose as he did have the same issue on another appliance and the upgrade did fix the drop of the failover .

i'll post result in here asap.

thanks for your help

Cheers

Euan

pankaj29in · ‎07-03-2013

Hi Euan,

After upgradation if it happns again , try using another port for failover. as you have mentioned you are not using Management port, use it. i hope this works.

Capture packets of failover ports to check out the issue.

Regards

Pankaj

Euan Jouve · ‎07-21-2013

Hi Pankaj,

the uoplift of ASA version to 8.4(6) seemed to have solved the issue, at the same time i had some feedback on the behavior of the ASA in failover process.

the monitored interface needs to be addressed in standby as active in order to increase stability (the provider of my equipement had a similar issue and noted that having a monitored interface addressed solved some issue with failover)

thanks for your assistance

subject can be closed

Euan

Sanjay Shaw · ‎07-21-2013

Hi Euan,

As you have stated, the monitored interface needs to be addressed in standby as active in order to increase stability.

So it would be helpful for the forum if you state the command line that has been added.

pankaj29in · ‎07-21-2013

Hi,

Please rate useful answers.

Cheers

Pankaj