Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
631
Views
1
Helpful
3
Replies

Failover Secondary/Active problem

Leopardi
Level 1
Level 1

‎03-21-2023 02:44 AM

FPR 2110 with ASA 9.14.3.18

Hello, everyone,
we have an architecture of two ASAs with the above versions that failover between them and are clustered.
Last week we noticed that when doing failover communication with the hello message , some vpn clients would drop. For this reason we decided to isolate the secondary, going to turn off all the communication ports with internal and external and the port that was supposed to do the failover, keeping management on so that it would remain reachable. Now, on Saturday, we don't understand the reasons, what was supposed to be secondary has requested failover and has become the active one, we believe, with the managment interface because it has also taken the managment ip of the primary. We have no persistent logs, a high log buffer and not even a log server. We only see this from the show failover history command where we can clearly see that both devices are active. Do you have any explanation? G

reetings

3 Replies 3

tvotna
Spotlight

‎03-21-2023 03:33 AM

I believe this shouldn't normally happen, unless secondary was rebooted or there was a temporary communication failure between primary and secondary over management interface. In both such cases secondary would become active, because failover link is down, and split-brain would not be resolved, even though both units have working management interface which could potentially be used to send failover messages. This is design defect CSCvz08085 ENH: Avoid split brain when failover link comm is not possible during boot/election process

0 Helpful

MHM Cisco World
VIP
VIP

‎03-21-2023 06:34 AM

you mention active/standby in your post  and then you mention cluster,
which case is Active/Standby or Cluster ?? 

0 Helpful

Leopardi
Level 1
Level 1

‎03-23-2023 07:15 AM

Sorry for the inconsistency, it is an Active/standby system. The last, we have resolved switching off the managment interface from the secondary switch and making it completely isolated

0 Helpful
Review Cisco Networking for a $25 gift card
Top