Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1017
Views
0
Helpful
3
Replies

HA Failover, fails multiple context

Michael Bartholomæussen
Level 1
Level 1

‎11-28-2017 01:47 AM - edited ‎02-21-2020 06:50 AM

Hi,

 

We are running two 5525x in HA, with multiple contexts. When we force a failover, one context doesn't failover, and connectivity is lost.

In the failed senario, we are able to ping end-points from the failed contexts inside interface, but traversing traffic isn't working.

 

When we fail back, the context is working again and connectivity is restored!

 

Is seems that the context is "stuck" on the working ASA??

 

Any help is much appreciated.

 

Kind regards,

Michael

Labels:
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎11-28-2017 01:29 PM

Is this a Active / Active or Active / Standby setup?

How are you forcing the failover? are you physically pulling a cable or issueing the failover active / standby command?

Could you post a complete running config of the system context and the context that is not failing over.  Remember to remove any usernames, passwords or public IPs.

 

Also, please provide us with the output of the following before and after initiating the failover:

show failover

show failover history

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Michael Bartholomæussen
Level 1
Level 1
In response to Marius Gunnerud

‎11-29-2017 12:12 AM

We noticed the issue, when we rebooted the active firewall with a new image. After that we forced a failover several times, with the failover cmds, Everytime, connectivity to a specific part of the network was lost.

 

I have posted the config you have requested.

 

The traffic in question, is traversing Port-Channel10.64, and it is from this interface 172.20.1.26, that we are able to ping end-points 192.168.125.60 when the failover have failed, but unable to ping from our NMS 192.168.1.139. When failing back, our NMS has reachability towards 192.168.125.60.

 

 

Preview file
60 KB
Preview file
10 KB
0 Helpful

Michael Bartholomæussen
Level 1
Level 1
In response to Marius Gunnerud

‎12-06-2017 03:35 AM - edited ‎12-06-2017 05:53 AM

Our core switch had an incorrect adjindex, so the software to hardware write failed. After shutdown of the specific vlan, and no shutdown the hardware was refreshed and the problem solved.

 

I've posted the error here ->

https://supportforums.cisco.com/t5/lan-switching-and-routing/hardware-error-sh-platform-hardware-ip-route-ipv4/td-p/3227913

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card