Hi Michael,I think we would

mickyq · ‎06-30-2015

Hi

Using two 5525's in active standby but the secondary wont stay active. It is active briefly then goes into failed state.

any help would be appreciated.

config:

failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/7
failover link failover GigabitEthernet0/7
failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2

buffer log:

.%ASA-7-720042: (VPN-Secondary) Receiving Delete RAMFS message delete path /sessions/20480@1435494958/MISC from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving Delete RAMFS message delete path /sessions/20480@1435494958/user:ssltest from active unit

.%ASA-1-104004: (Secondary) Switching to OK.

.%ASA-6-720037: (VPN-Secondary) HA progression callback: id=3,seq=200,grp=0,event=104,op=2,my=Standby Ready,peer=Active.

.%ASA-7-720048: (VPN-Secondary) FSM action trace begin: state=, last event=, func=vpnfo_fsm_standby_ready.

.%ASA-6-720040: (VPN-Secondary) VPN failover client is transitioning to standby state

.%ASA-7-720049: (VPN-Secondary) FSM action trace end: state=, last event=, return=2, func=vpnfo_fsm_standby_ready.

.%ASA-7-720042: (VPN-Secondary) Receiving Command Link Bulk Sync message (Command 6) from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving Sync Self-Signed Cert message (Interface outside) from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving Sync Self-Signed Cert message (Interface inside) from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving Sync Self-Signed Cert message (Interface management) from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving WebVPN SYNC CSD XML Data message src flash:/sdesktop/data.xml, dst cache:/sdesktop/data.xml from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving Trustpool certs message CLEAN from active unit

.%ASA-7-720042: (VPN-Secondary) Receiving Command Link Bulk Sync message (Command 7) from active unit

.%ASA-6-721003: (WebVPN-Secondary) HA progression change: event HA_PROG_STANDBY_READY, my state Standby Ready, peer state Active.

.%ASA-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=405,op=80,my=Standby Ready,peer=Active.

.%ASA-6-720027: (VPN-Secondary) HA status callback: My state Standby Ready.

.%ASA-6-721002: (WebVPN-Secondary) HA status change: event HA_STATUS_MY_STATE, my state Standby Ready, peer state Active.

.%ASA-1-105004: (Secondary) Monitoring on interface outside normal

.%ASA-1-105004: (Secondary) Monitoring on interface inside normal

.%ASA-1-105004: (Secondary) Monitoring on interface dmz1 normal

.%ASA-1-105004: (Secondary) Monitoring on interface dmz2 normal

.%ASA-1-105004: (Secondary) Monitoring on interface dmz3 normal

.%ASA-1-105004: (Secondary) Monitoring on interface dmz4 normal

.%ASA-6-720037: (VPN-Secondary) HA progression callback: id=3,seq=200,grp=0,event=52,op=23,my=Failed,peer=Active.

.%ASA-7-720048: (VPN-Secondary) FSM action trace begin: state=, last event=, func=vpnfo_fsm_fail.

.%ASA-7-720049: (VPN-Secondary) FSM action trace end: state=, last event=, return=0, func=vpnfo_fsm_fail.

.%ASA-6-721003: (WebVPN-Secondary) HA progression change: event HA_PROG_FAILED, my state Failed, peer state Active.

.%ASA-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=405,op=20,my=Failed,peer=Active.

.%ASA-6-720027: (VPN-Secondary) HA status callback: My state Failed.

.%ASA-6-721002: (WebVPN-Secondary) HA status change: event HA_STATUS_MY_STATE, my state Failed, peer state Active.

Vibhor Amrodia · ‎07-01-2015

Hi Michael,

I think we would need more information to find out the reason for the failover on this HA Pair:-

1) show failover history

2) show failover state

Thanks and Regards,

Vibhor Amrodia

firewall active/standby failover