11-02-2010 08:43 AM - edited 03-11-2019 12:03 PM
Hi - My customer has a pair of ASAs in an active/standby pair.
If we ping an address on the standby device from a device on the same subnet, we get a response to the first ping and then the rest time out.
If we watch the live event log, we see the four other pings get dropped, despite the fact that we've enabled ICMP to that interface.
After that we cannot ping it, unless we reset the pc interface and then we get the same again.
Show failover looks fine.
Has anyone come across this kind of behaviour before? It's not service affecting but my customer is worried about the health of the failover process.
Any advice greatly appreciated.
Cheers, Dom
11-02-2010 09:24 AM
Hi,
How do you have both ASAs connected?
Do you have both ASAs connected directly with a network cable or connected to the same switch for the failover link?
Also, do the interfaces on both ASAs share the same VLAN on the same switch or different switches?
Federico.
11-02-2010 10:29 AM
Why are pings dropped? What is the log drop reason?
PK
11-03-2010 02:59 AM
Hi Guys - Thanks for your responses.
The failover interfaces of the firewalls are connected by a crossover cable and the host and both VLAN interfaces in question are plugged into the same L2 switch - the topology is about as simple as it could be.
Cheers, Dom
11-03-2010 08:43 AM
Hi,
You're saying that the four ethernet connections from the ASAs are plugged into the same L2 switch?
By four connections I mean (both outside and both inside interfaces of both ASAs)?
If this is so... are both outsides and both insides separate in a different VLAN on the switch?
Could you also check the switch itself that there are no STP loops and the ports are up and operational fine?
Federico.