Solved: Failover---- this host primary - disabled

mahesh18 · ‎08-04-2013

hi everyone,

On single ASA 5505 with Security plus license i did some failover config for testing purposes

below is the output

ASA1# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: test Vlan4 (Configuration incomplete)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 23 maximum

Version: Ours 9.1(1), Mate Unknown

Last Failover at: 12:27:17 MST Aug 4 2013

This host: Primary - Disabled

Active time: 0 (sec)

slot 0: ASA5505 hw/sw rev (0.2/9.1(1)) status (Up Sys)

Interface outside (192.168.71.2): Unknown (Waiting)

Interface inside (10.0.0.1): No Link (Waiting)

Interface DMZ (192.168.70.1): No Link (Waiting)

slot 1: empty

Other host: Secondary - Not Detected

Active time: 0 (sec)

Interface outside (0.0.0.0): Unknown (Waiting)

Interface inside (0.0.0.0): Unknown (Waiting)

Interface DMZ (0.0.0.0): Unknown (Waiting)

ASA1# sh failover state

State Last Failure Reason Date/Time

This host - Primary

Disabled None

Other host - Secondary

Not Detected None

====Configuration State===

====Communication State===

need to know why is asa showing up this host primary -- as disabled?

Is there a way i can make it as active???

Regards

MAhesh

Jouni Forss · ‎08-04-2013

Hi,

More interesting output would be

show run failover

and

show run interface

The above output you posted would seem to indicate that your configuration is incomplete

- Jouni

View solution in original post

Jouni Forss · ‎08-04-2013

Hi,

You need to assing some of the Ethernet0/x ports to the Vlan4

interface Ethernet0/x

switchport access vlan 4

Then you need to connect that port to the other ASA

You will also need to configure the IP address for the Failover link

failover interface ip test x.x.x.x 255.255.255.0 standby x.x.x.y

- Jouni

View solution in original post

Jouni Forss · ‎08-04-2013

Hi,

More interesting output would be

show run failover

and

show run interface

The above output you posted would seem to indicate that your configuration is incomplete

- Jouni

mahesh18 · ‎08-04-2013

Hi jouni,

ASA1/pri/act# sh run failover

failover

failover lan unit primary

failover lan interface test Vlan4

ASA1/pri/act# sh run int

ASA1/pri/act# sh run interface

!

interface Ethernet0/0

description Connection From Outside Int of ASA to 3550A

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

description DMZ Connection to Switch

switchport access vlan 3

!

interface Ethernet0/3

switchport access vlan 3

!

interface Ethernet0/4

description Connection to Sony Laptop

switchport access vlan 3

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

shutdown

!

interface Vlan1

description Connection to Outside 3550A

nameif outside

security-level 0

ip address 192.168.71.2 255.255.255.0

!

interface Vlan2

nameif inside

security-level 100

ip address 10.0.0.1 255.255.255.0

!

interface Vlan3

nameif DMZ

security-level 50

ip address 192.168.70.1 255.255.255.0

!

interface Vlan4

description LAN Failover Interface

!

interface Vlan19

no nameif

no security-level

no ip address

Here is the interesting output.

Regards

MAhesh

Jouni Forss · ‎08-04-2013

Hi,

You need to assing some of the Ethernet0/x ports to the Vlan4

interface Ethernet0/x

switchport access vlan 4

Then you need to connect that port to the other ASA

You will also need to configure the IP address for the Failover link

failover interface ip test x.x.x.x 255.255.255.0 standby x.x.x.y

- Jouni

mahesh18 · ‎08-04-2013

Hi jouni,

It worked great.

ASA1/pri/act# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: test Vlan4 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 23 maximum

Version: Ours 9.1(1), Mate Unknown

Last Failover at: 13:24:32 MST Aug 4 2013

This host: Primary - Active

Active time: 37 (sec)

slot 0: ASA5505 hw/sw rev (0.2/9.1(1)) status (Up Sys)

Interface outside (192.168.71.2): Unknown (Waiting)

Interface inside (10.0.0.1): No Link (Waiting)

Interface DMZ (192.168.70.1): No Link (Waiting)

slot 1: empty

Other host: Secondary - Failed

Active time: 0 (sec)

Interface outside (0.0.0.0): Unknown (Waiting)

Interface inside (0.0.0.0): Unknown (Waiting)

Interface DMZ (0.0.0.0): Unknown (Waiting)

Regards

Mahesh