Hi,I asked those outputs to

chetansharma2 · ‎10-29-2014

Hi

I have a pair of firewall 5520 which is running 8.2(5) image.

Recently I am facing the "HA state progression failed" failover issue in the secondary unit which forces the secondary unit to failover disabled stage.

Any body have idea why it is happening.

Both firewalls are directly connected. for the troubleshooting purposed I had changed the failover cable and other cables of secondary unit as well. this incident happened three times in last two three week. i had not done any changes regarding the failover concern.

some outputs Running config
interface Management0/0
description LAN Failover Interface

failover lan unit secondary
failover lan interface lan_fail Management0/0
failover key *****
failover interface ip lan_fail 1.1.1.1 255.255.255.252 standby 1.1.1.2

------------------ show failover ------------------

Failover Off (pseudo-Standby)
Failover unit Secondary
Failover LAN Interface: lan_fail Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum

------------------ show failover history ------------------

==========================================================================
From State To State Reason
==========================================================================
02:16:25
Not Detected Negotiation No Error

02:16:45
Negotiation Cold Standby Detected an Active mate

02:17:00
Cold Standby Disabled HA state progression failed

==========================================================================

show failover state

               State          Last Failure Reason      Date/Time
This host -   Secondary
               Disabled       None
Other host -   Primary
               Not Detected   None

====Configuration State===
====Communication State===

Prashant Joshi · ‎10-29-2014

Hi ,

Kindly provide below outputs and verify is there is any crash on secondary ASA.

sh failover history ( complete output from Primary and secondary )

sh version ( primary and secondary )

Thanks,

Prashant Joshi

chetansharma2 · ‎10-30-2014

Hi,

Both firewall have the same IOS, License , hardware. it was working smooth from last 1,2 yrs

Also u i had shared the show failover history from secondary unit, From Primary it dont effect any because fail-over didn't happened.

have a pair of firewall 5520 which is running 8.2(5) image

Marius Gunnerud · ‎10-30-2014

I am wondering if you might be running into this bug:

https://tools.cisco.com/bugsearch/bug/CSCtg55257

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Prashant Joshi · ‎10-30-2014

Hi,

I asked those outputs to check uptime on your secondary ASA, because I suspect your secondary firewall crashed and caused this issue.

I asked "failover history" output from Primary to see all the past failover activities.

Thanks,

Prashant Joshi

Farooq Razzaque · ‎12-11-2014

Dear Prashant

I want to apply license to increase security context in FWSM which is running in Active-Active mode on VSS Core switches

As per below document, first we need to disable failover by entering 'no failover' command on active FWSM and then apply the license seperately on both FWSM.

I just want to know when i will disable the failover then standby move to pseudo-standby state.

Will there be any services impact which are running behind the FWSM when disbaling the failover and then re-enabling the failover.

http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg/swcnfg_f.html#wp1073226

Appreciate your response.