10-29-2014 05:50 AM - edited 03-11-2019 10:00 PM
Hi
I have a pair of 5520 firewalls which are running the 8.2(5) image.
Recently I have been facing the "HA state progression failed" failover issue on the secondary unit, which forces the secondary unit into the failover disabled stage.
Does anybody have an idea why it is happening?
Both firewalls are directly connected. For troubleshooting purposes I had changed the failover cable and the other cables of the secondary unit as well. This incident happened three times in the last two to three weeks. I had not made any changes concerning failover.
Some outputs: running config
interface Management0/0
 description LAN Failover Interface
failover lan unit secondary
failover lan interface lan_fail Management0/0
failover key *****
failover interface ip lan_fail 1.1.1.1 255.255.255.252 standby 1.1.1.2
------------------ show failover ------------------
Failover Off (pseudo-Standby)
Failover unit Secondary
Failover LAN Interface: lan_fail Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
------------------ show failover history ------------------
==========================================================================
From State                 To State                   Reason
==========================================================================
02:16:25
Not Detected               Negotiation                No Error
02:16:45
Negotiation                Cold Standby               Detected an Active mate
02:17:00
Cold Standby               Disabled                   HA state progression failed
==========================================================================
show failover state
               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Disabled       None
Other host -   Primary
               Not Detected   None
====Configuration State===
====Communication State===
10-29-2014 06:42 AM
Hi ,
Kindly provide the outputs below and verify whether there is any crash on the secondary ASA.
sh failover history (complete output from primary and secondary)
sh version (primary and secondary)
Thanks,
Prashant Joshi
10-30-2014 04:31 AM
Hi,
Both firewalls have the same IOS, license and hardware. It was working smoothly for the last 1, 2 yrs.
Also, I had shared the show failover history from the secondary unit. From the primary it doesn't affect anything because failover didn't happen.
have a pair of firewall 5520 which is running 8.2(5) image
10-30-2014 04:51 AM
I am wondering if you might be running into this bug:
https://tools.cisco.com/bugsearch/bug/CSCtg55257
--
Please remember to select a correct answer and rate helpful posts
10-30-2014 05:10 AM
Hi,
I asked for those outputs to check the uptime on your secondary ASA, because I suspect your secondary firewall crashed and caused this issue.
I asked for the "failover history" output from the primary to see all the past failover activities.
Thanks,
Prashant Joshi
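For comparing the histories requested above from both units, here is an added example (not from any poster in this thread and not Cisco code) that parses `show failover history` text and lists each transition into Disabled along with the time spent in the previous state. It assumes columns are separated by two or more spaces, as in device output; the sample is constructed from the secondary unit's output in the first post, and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the secondary unit's output in the first post.
SAMPLE = """\
==========================================================================
From State                 To State                   Reason
==========================================================================
02:16:25
Not Detected               Negotiation                No Error
02:16:45
Negotiation                Cold Standby               Detected an Active mate
02:17:00
Cold Standby               Disabled                   HA state progression failed
==========================================================================
"""

TIME_RE = re.compile(r"^\d{2}:\d{2}:\d{2}")  # timestamp line precedes each row


def parse_history(text):
    """Return a list of (time, from_state, to_state, reason) tuples."""
    rows, stamp = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="} or line.startswith("From State"):
            continue  # blank line, separator or column header
        if TIME_RE.match(line):
            stamp = line
            continue
        # Assumption: columns are separated by runs of two or more spaces.
        parts = re.split(r"\s{2,}", line, maxsplit=2)
        if len(parts) == 3:
            rows.append((stamp, *parts))
    return rows


def _secs(stamp):
    h, m, s = map(int, stamp[:8].split(":"))
    return h * 3600 + m * 60 + s


def disabled_events(rows):
    """Transitions into Disabled, with seconds spent in the previous state."""
    events = []
    for prev, cur in zip([None] + rows[:-1], rows):
        if cur[2] != "Disabled":
            continue
        dwell = None
        if prev and prev[0] and cur[0]:
            dwell = (_secs(cur[0]) - _secs(prev[0])) % 86400  # tolerate midnight wrap
        events.append({"time": cur[0], "from": cur[1], "reason": cur[3], "dwell_s": dwell})
    return events
```

Running both units' histories through `disabled_events` and lining the timestamps up against `show version` uptime shows whether a drop to Disabled coincides with a reload of the secondary.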
12-11-2014 06:37 AM
Dear Prashant
I want to apply a license to increase the security contexts in an FWSM which is running in Active-Active mode on VSS core switches.
As per the document below, first we need to disable failover by entering the 'no failover' command on the active FWSM and then apply the license separately on both FWSMs.
I just want to know, when I disable failover, does the standby then move to the pseudo-standby state?
Will there be any impact on the services running behind the FWSM when disabling failover and then re-enabling it?
http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg/swcnfg_f.html#wp1073226
Appreciate your response.