Solved: Problem with Active/Standby Failover

cisc0.ameer · ‎02-24-2019

Hello all

i using ASAv (ovf ) into Vmware workstation for practicing ASA , i think my problem cause because of ASAv

i review so many times but i can't simulate in Gns3 i prefer to ask does it really happen due to using ASAv or there is other problem

i config two ASA completely for active/standby fail over they act perfectly without any problem

but i connect one Lan User (Vmnet 15) and Give inside of ASA IP

while ASA(primary-Active) is active i can Do NAT and Lan user works without any problems

but while i change active ASA to standby then nothing happen from Lan user(Request time out)

i'm sure no problem in ASA configuring(both : primary and secondary unit)

but why first primary asa changed to standby Inside Lan not possible to do NAT or ping any interfaces?

interfaces i mean (primary,secondary,outside,)anythings not possible

but if i changed a first asa to active everythings work fine!!!

do you thin this problem happens because of ASAv

ASA1--->inside(vmnet 15)

ASA2--->inside(vmnet 15)

ASA1:

int gi0/0

nameif INSIDE

ip add 10.1.1.110 255.255.255.0 standby 10.1.1.220

no shut

ASA2:

int gi0/0

no shut

------------------------------------------------------------------

all configuration replicated

but problem is if i reload or shutdown Active ASA

Inside Lan user unable to communicate with Secondary ASA in spite of ASA2 now has exact same ip add like ASA1

Default Gateway of Inside Lan User : 10.1.1.110

i enable icmp inspection

and my NAT configuration on Active ASA is:

object net inside_pool

subnet 10.1.1.0 255.255.255.0

object net outside_pool

range 192.168.28.99 192.168.28.102

object net inside_pool

nat (inside,outside) Dynamic outside_pool

and one thing .... when ASA2 becomes active from it i cant ping any where :10.1.1.220(standby)or inside....

thanks

cisc0.ameer · ‎02-24-2019

hello again
i find what is My problem
but now i reach more closely to that reason i mentioned
this problem cause due to using ASAv
but i'm not sure why!!! because [Inside Lan] and ASA1 (primary active) and ASA2(secondary Stndby) all three use Vmnet 15 for inside connectivity
and all Vmnet in workstation i put in order
for example inside is first
outside is second
.........

ASDM Real time monitoring showing me Below Alert :

105008
Error Message %ASA-1-105008: (Primary) Testing interface interface_name.

Explanation Testing of a specified network interface has occurred. This testing is performed only if the ASA fails to receive a message from the standby unit on that interface after the expected interval. Primary can also be listed as Secondary for the secondary unit.

Recommended Action None required.

View solution in original post

cisc0.ameer · ‎02-24-2019

hello again
i find what is My problem
but now i reach more closely to that reason i mentioned
this problem cause due to using ASAv
but i'm not sure why!!! because [Inside Lan] and ASA1 (primary active) and ASA2(secondary Stndby) all three use Vmnet 15 for inside connectivity
and all Vmnet in workstation i put in order
for example inside is first
outside is second
.........

ASDM Real time monitoring showing me Below Alert :

105008
Error Message %ASA-1-105008: (Primary) Testing interface interface_name.

Explanation Testing of a specified network interface has occurred. This testing is performed only if the ASA fails to receive a message from the standby unit on that interface after the expected interval. Primary can also be listed as Secondary for the secondary unit.

Recommended Action None required.