Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2146
Views
0
Helpful
3
Replies

Unable to ping anything from Secondary Firewall

Go to solution
Firepowered
Level 1
Level 1

‎07-29-2019 12:22 AM - edited ‎07-29-2019 04:59 AM

I have two ASAs in Active / Standby Failover, I can not ping anything from secondary firewall, here is my failover config:

 

failover
failover lan unit primary
failover lan interface Failover GigabitEthernet1/3
failover key *****
failover interface ip Failover 172.16.211.200 255.255.255.0 standby 172.16.211.199

 

I can SSH / ASDM to the secondary, it is reachable, but once I login, I can't ping anything.

 

My interfaces are all configured in port channel / sub interface, example:

 

interface Port-channel1.45
vlan 45
nameif inside
security-level 100
ip address 192.168.1.20 255.255.255.0

 

we have no stand by IP addresses any interface except management, could it be because of this?

 

But doesn't sound plausible, because I have exact same config on my DC firewall, and pings work from secondary firewall

 

Let me know if you need some other config to troubleshoot.

 

Also, when I launch ASDM, and ping 8.8.8.8, it doesn't and also i don't see any live traffic in "Monitoring > Logging > VIew"

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Firepowered

‎07-31-2019 01:10 AM - edited ‎07-31-2019 01:12 AM

hi,

this is an expected behavior since there's no standby IP explicitly configured on the standby FW 'outside' and 'inside' interfaces.

the standby FW will only get an IP from the primary/active after a fail over. once standby FW becomes active, it should be able to ping the internet.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
johnd2310
Level 8
Level 8

‎07-29-2019 02:02 AM

Hi

You need to configure the standby ip address.

How do you ssh to the secondary unit?

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Go to solution
Firepowered
Level 1
Level 1
In response to johnd2310

‎07-29-2019 05:01 AM - edited ‎07-30-2019 03:54 AM

Except for management and outside interface, there are no standby ip addresses (should have mentioned that)

 

On my DC, the configuration is similar, as in, management interface has stadnby and nothing else, but everything works!

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Firepowered

‎07-31-2019 01:10 AM - edited ‎07-31-2019 01:12 AM

hi,

this is an expected behavior since there's no standby IP explicitly configured on the standby FW 'outside' and 'inside' interfaces.

the standby FW will only get an IP from the primary/active after a fail over. once standby FW becomes active, it should be able to ping the internet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card