06-23-2021 02:12 PM
In one of my firewalls, I am able to see that the failover state is showing as failed:
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: status (Up Sys)
Interface inside: Normal (Monitored)
Interface outside : Failed (Waiting)
slot 1: SFR5525 hw/sw rev (N/A/6.2.3.12-80) status (Up/Up)
ASA FirePOWER, 6.2.3.12-80, Up, (Monitored)
But I am able to see that the outside interface is up:
Interface GigabitEthernet1/0 "outside", is up, line protocol is up
Can someone help me understand why it is showing as failed?
06-23-2021 02:21 PM
What is the status of the interface on the other ASA?
Check the outside interfaces are able to communicate with each other.
06-23-2021 02:40 PM
Ping the outside interface IP addresses and check that the VLAN is correct on the switch both ASAs are connected to.
06-23-2021 03:46 PM
We have restricted ICMP traffic on the outside interface, hence it will not ping.
Regarding the VLAN, the configurations are good from the switch end.
06-23-2021 11:47 PM
There seems to be an issue with the outside interface.
Run this command:
show failover state
It will give you more detail on the failover side.
Also, if you want to bring these firewalls back into an HA pair, issue the command "no monitor-interface outside". Once the HA pair is back together, you can start troubleshooting to fix the issue with the outside interface on the secondary firewall.