12-16-2018 10:50 AM - edited 02-21-2020 08:34 AM
Description the issue:
I have two ASAs which were configured Active / Standby Fail-over. The issue is one of three servers that reside under this 10.71.0.0/24 subnet cannot reach the primary gateway 10.71.0.1. However, it is able to reach the standby IP 10.71.0.2 which is weird. Other two servers, meanwhile, are able to reach 10.71.0.1 normally and not able to reach 10.71.0.2 which is correct.
I have rebooted the issue server as well as the both ASAs but no lucky. If anyone has clue about this situation?
Below are the configuration:
Primary ASA:
PCCFW1-2/pri/act# show run interface po1.10
interface Port-channel1.10
vlan 10
nameif PCCNet
security-level 100
ip address 10.71.0.1 255.255.255.0 standby 10.71.0.2
Fail over state:
PCCFW1-2/pri/act# show failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Standby Ready None
====Configuration State===
Sync Done
====Communication State===
Mac set
Active ASA has ip 10.71.0.1 and up up status:
PCCFW1-2/pri/act# show interface ip brief | i 1.10
Port-channel1.10 10.71.0.1 YES CONFIG up up
Standby ASA:
PCCFW1-2/sec/stby# show failover state
State Last Failure Reason Date/Time
This host - Secondary
Standby Ready None
Other host - Primary
Active None
====Configuration State===
Sync Done - STANDBY
====Communication State===
Mac set
PCCFW1-2/sec/stby# show interface ip brief | i 1.10
Port-channel1.10 10.71.0.2 YES CONFIG up up
Below I tried to ping the gateway from three servers (they are connected to the ports under same VLAN 10 of stacked 9300 switches - switch mode access)
Server ONE: ip address 10.71.0.12 (CANNOT reach the gateway)
ipconfig:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.71.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.71.0.1
C:\Users\Administrator>ping 10.71.0.1
Pinging 10.71.0.1 with 32 bytes of data:
Reply from 10.71.0.12: Destination host unreachable.
Reply from 10.71.0.12: Destination host unreachable.
Reply from 10.71.0.12: Destination host unreachable.
Reply from 10.71.0.12: Destination host unreachable.
Ping statistics for 10.71.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\Users\Administrator>ping 10.71.0.2
Pinging 10.71.0.2 with 32 bytes of data:
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Ping statistics for 10.71.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Server TWO: ip address 10.71.0.10
C:\Users\Administrator>ping 10.71.0.1
Pinging 10.71.0.1 with 32 bytes of data:
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.71.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\Administrator>ping 10.71.0.2
Pinging 10.71.0.2 with 32 bytes of data:
Reply from 10.71.0.10: Destination host unreachable.
Reply from 10.71.0.10: Destination host unreachable.
Reply from 10.71.0.10: Destination host unreachable.
Reply from 10.71.0.10: Destination host unreachable.
Ping statistics for 10.71.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Server THREE: ip address 10.71.0.13
C:\Users\Administrator>ping 10.71.0.1
Pinging 10.71.0.1 with 32 bytes of data:
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.71.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\Administrator>ping 10.71.0.2
Pinging 10.71.0.2 with 32 bytes of data:
Reply from 10.71.0.13: Destination host unreachable.
Reply from 10.71.0.13: Destination host unreachable.
Reply from 10.71.0.13: Destination host unreachable.
Reply from 10.71.0.13: Destination host unreachable.
Ping statistics for 10.71.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
12-20-2018 02:34 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide