Solved: Re: (Primary) Lost Failover communications with mate - Page 2

clark-white · ‎10-08-2012

Hi,

One of the interface on the primary fails and it switchover to secondary, this is happening with the primary firewall with irregular intervals, the ABC interface is a sub-interface and is connected to DMZ switch configured as a trunk. No other SUB-interfaces are failing except ABC interface and the failover switchovers to secondary firewall. As per the cisco documentation it is network problem but the DMZ switches are OK ,no errors in the sh logging , How can i troubleshoot such problem.

: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface ABC

: %ASA-1-105008: (Primary) Testing Interface ABC

%ASA-1-105009: (Primary) Testing on interface ABC Failed

: %ASA-1-104002: (Primary) Switching to STNDBY - Interface check

: %ASA-1-104004: (Primary) Switching to OK.

RG

clark-white · ‎10-10-2012

Hello,

Anybody can help me for the above query.

Julio Carvajal · ‎10-10-2012

Hello Clark,

We will need to take the logs from both the switch and the ASA's so we can determine what is causing the outage.

But until the issue happens again we will not be able to determine the issue,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

clark-white · ‎10-10-2012

Hi,

Julio thanks for all your support and i appreciate your patients to answer my thread and queries.

God bless you.

From the swithces when execute sh logging only interface down and up which is not related to interface ABC which is triggering the failover.

From the ASA standby unit which was active i only see the below logs. And on the Active there are many logs how i can filter those logs to collect only failover logs, I have configured logging buffered error still there are many unwanted logs, if i want to filter only failover logs what i shld configure.

On standby unit

%ASA-1-105005: (Primary) Lost Failover communications with mate on interface ABC

: %ASA-1-105008: (Primary) Testing Interface ABC

%ASA-1-105009: (Primary) Testing on interface ABC Failed

: %ASA-1-104002: (Primary) Switching to STNDBY - Interface check

: %ASA-1-104004: (Primary) Switching to OK.

clark-white · ‎10-12-2012

Hi,,

i have noticed on Primary ASA when it is active many interfaces are losing connecton same as ABC interface but other interface such as inside and DMZ testing is passed only interface ABC testing is failed and then it switchovers.

ASAFW : %ASA-1-105005: (Primary) Lost Failover communications with mate on interface INSIDE

ASAFW : %ASA-1-105008: (Primary) Testing Interface INSIDE

ASAFW : %ASA-1-105009: (Primary) Testing on interface INSIDE Passed

ASAFW : %ASA-1-105005: (Primary) Lost Failover communications with mate on interface DMZ

ASAFW : %ASA-1-105008: (Primary) Testing Interface DMZ

ASAFW : %ASA-1-105009: (Primary) Testing on interface DMZ Passed

ASAFW : %ASA-1-105005: (Primary) Lost Failover communications with mate on interface ABC

ASAFW : %ASA-1-105008: (Primary) Testing Interface ABC

ASAFW : %ASA-1-105009: (Primary) Testing on interface ABC Failed

ASAFW : %ASA-1-104004: (Primary) Switching to OK.

Thanks