07-25-2016 01:30 AM - edited 03-12-2019 01:03 AM
Hello everyone,
I have two firewalls puted in cluster (Active/standby) : the secondary is active and the primary is the standby.
I get this log issue :
<161>%ASA-1-105009: (Secondary) Testing on interface X Passed
<161>%ASA-1-105005: (Secondary) Lost Failover communications with mate on interface X
Can you tell me the root causes of this issue ?
Regards,
07-28-2016 02:27 AM
Hi Zakariaa,
you can Google the Log Message numbers %ASA-1-105009: and find more Infos
here are the list from cisco
Error Message %PIX|ASA-1-105001: (Primary) Disabling failover.
Explanation In version 7.x and later, this message may indicate the following: failover has been automatically disabled because of a mode mismatch (single or multiple), a license mismatch (encryption or context), or a hardware difference (one unit has an IPS SSM installed, and its peer has a CSC SSM installed). (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action None required.
Error Message %PIX|ASA-1-105002: (Primary) Enabling failover.
Explanation This is a failover message, which is displayed when you enter the failover command with no arguments on the console, after having previously disabled failover. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action None required.
Error Message %PIX|ASA-1-105003: (Primary) Monitoring on interface interface_name waiting
Explanation This is a failover message. The security appliance is testing the specified network interface with the other unit of the failover pair. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action None required. The security appliance monitors its network interfaces frequently during normal operations.
Error Message %PIX|ASA-1-105004: (Primary) Monitoring on interface interface_name normal
Explanation This is a failover message. The test of the specified network interface was successful. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action None required.
Error Message %PIX|ASA-1-105005: (Primary) Lost Failover communications with mate on interface interface_name.
Explanation This is a failover message. This message is displayed if this unit of the failover pair can no longer communicate with the other unit of the pair. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action Verify that the network connected to the specified interface is functioning correctly.
Error Message %PIX|ASA-1-105006: (Primary) Link status `Up' on interface interface_name.
Error Message %PIX|ASA-1-105007: (Primary) Link status `Down' on interface interface_name.
Explanation Both instances are failover messages. These messages report the results of monitoring the link status of the specified interface. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action If the link status is down, verify that the network connected to the specified interface is operating correctly.
Error Message %PIX|ASA-1-105008: (Primary) Testing interface interface_name.
Explanation This is a failover message. This message is displayed when the tests a specified network interface. This testing is performed only if the security appliance fails to receive a message from the standby unit on that interface after the expected interval. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action None required.
Error Message %PIX|ASA-1-105009: (Primary) Testing on interface interface_name {Passed|Failed}.
Explanation This is a failover message. This message reports the result (either Passed or Failed) of a previous interface test. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action None required if the result is Passed. If the result is Failed, you should check the network cable connection to both failover units, that the network itself is functioning correctly, and verify the status of the standby unit.
Error Message %PIX|ASA-3-105010: (Primary) Failover message block alloc failed
Explanation Block memory was depleted. This is a transient message and the security appliance should recover. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action Use the show blocks command to monitor the current block memory.
Error Message %PIX|ASA-1-105011: (Primary) Failover cable communication failure
Explanation The failover cable is not permitting communication between the primary and secondary units. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action Ensure that the cable is properly connected.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
here are a good link how Failover works
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/5220-failover.html
hope that will help you and passed is very good you know it works fine ;)
regards Klaus
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide