Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4142
Views
0
Helpful
1
Replies

Lost Failover communications with mate on interface X

zakariaa.lachheb
Level 1
Level 1

‎07-25-2016 01:30 AM - edited ‎03-12-2019 01:03 AM

Hello everyone,

I have two firewalls puted in cluster (Active/standby) :  the secondary is active and the primary is the standby.

I get this log issue : 

<161>%ASA-1-105009: (Secondary) Testing on interface X Passed

<161>%ASA-1-105005: (Secondary) Lost Failover communications with mate on interface X

Can you tell me the root causes of this issue ?

Regards,

Labels:
0 Helpful
1 Reply 1

ksimsimon
Level 1
Level 1

‎07-28-2016 02:27 AM

Hi Zakariaa,

you can Google the Log Message numbers  %ASA-1-105009: and find more Infos

here are the list from cisco

Error Message    %PIX|ASA-1-105001: (Primary) Disabling failover.

Explanation    In version 7.x and later, this message may indicate the following: failover has been automatically disabled because of a mode mismatch (single or multiple), a license mismatch (encryption or context), or a hardware difference (one unit has an IPS SSM installed, and its peer has a CSC SSM installed). (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    None required.

105002

Error Message    %PIX|ASA-1-105002: (Primary) Enabling failover.

Explanation    This is a failover message, which is displayed when you enter the failover command with no arguments on the console, after having previously disabled failover. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    None required.

105003

Error Message    %PIX|ASA-1-105003: (Primary) Monitoring on interface interface_name 
waiting

Explanation    This is a failover message. The security appliance is testing the specified network interface with the other unit of the failover pair. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    None required. The security appliance monitors its network interfaces frequently during normal operations.

105004

Error Message    %PIX|ASA-1-105004: (Primary) Monitoring on interface interface_name 
normal

Explanation    This is a failover message. The test of the specified network interface was successful. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    None required.

105005

Error Message    %PIX|ASA-1-105005: (Primary) Lost Failover communications with mate on 
interface interface_name.

Explanation    This is a failover message. This message is displayed if this unit of the failover pair can no longer communicate with the other unit of the pair. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    Verify that the network connected to the specified interface is functioning correctly.

105006, 105007

Error Message    %PIX|ASA-1-105006: (Primary) Link status `Up' on interface 
interface_name.

Error Message    %PIX|ASA-1-105007: (Primary) Link status `Down' on interface 
interface_name.

Explanation    Both instances are failover messages. These messages report the results of monitoring the link status of the specified interface. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    If the link status is down, verify that the network connected to the specified interface is operating correctly.

105008

Error Message    %PIX|ASA-1-105008: (Primary) Testing interface interface_name.

Explanation    This is a failover message. This message is displayed when the tests a specified network interface. This testing is performed only if the security appliance fails to receive a message from the standby unit on that interface after the expected interval. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    None required.

105009

Error Message    %PIX|ASA-1-105009: (Primary) Testing on interface interface_name 
{Passed|Failed}.

Explanation    This is a failover message. This message reports the result (either Passed or Failed) of a previous interface test. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    None required if the result is Passed. If the result is Failed, you should check the network cable connection to both failover units, that the network itself is functioning correctly, and verify the status of the standby unit.

105010

Error Message    %PIX|ASA-3-105010: (Primary) Failover message block alloc failed

Explanation    Block memory was depleted. This is a transient message and the security appliance should recover. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    Use the show blocks command to monitor the current block memory.

105011

Error Message    %PIX|ASA-1-105011: (Primary) Failover cable communication failure

Explanation    The failover cable is not permitting communication between the primary and secondary units. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action    Ensure that the cable is properly connected.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

here are a good link how Failover works

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/5220-failover.html

hope that will help you and passed is very good you know it works fine ;)

regards Klaus

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card