cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3937
Views
5
Helpful
15
Replies

Wierd Issue - one server cannot reach primary gateway IP - ASA Active / Standby Failover

leogxn
Level 1
Level 1

Description the issue:

I have two ASAs which were configured Active / Standby Fail-over.  The issue is one of three servers that reside under this 10.71.0.0/24 subnet cannot reach the primary gateway 10.71.0.1. However, it is able to reach the standby IP 10.71.0.2 which is weird. Other two servers, meanwhile, are able to reach 10.71.0.1 normally and not able to reach 10.71.0.2 which is correct.

 

I have rebooted the issue server as well as the both ASAs but no lucky. If anyone has clue about this situation? 

 

Below are the configuration:

 

Primary ASA:

 

PCCFW1-2/pri/act# show run interface po1.10

interface Port-channel1.10
vlan 10
nameif PCCNet
security-level 100
ip address 10.71.0.1 255.255.255.0 standby 10.71.0.2

 

Fail over state:


PCCFW1-2/pri/act# show failover state

                            State                                   Last Failure                      Reason Date/Time
This host -            Primary
                            Active                                  None
Other host -         Secondary
                            Standby Ready                    None

====Configuration State===
Sync Done
====Communication State===
Mac set

 

Active ASA has  ip 10.71.0.1 and up up status:

 

PCCFW1-2/pri/act# show interface ip brief | i 1.10
Port-channel1.10 10.71.0.1 YES CONFIG up up

 

 

Standby ASA:

 

PCCFW1-2/sec/stby# show failover state

                               State                         Last Failure                   Reason Date/Time
This host -              Secondary
                              Standby Ready           None
Other host -            Primary
                              Active                         None

====Configuration State===
Sync Done - STANDBY
====Communication State===
Mac set

PCCFW1-2/sec/stby# show interface ip brief | i 1.10

Port-channel1.10           10.71.0.2       YES CONFIG up                    up

 

 

 

Below I tried to ping the gateway from three servers (they are connected to the ports under same VLAN 10 of stacked 9300 switches - switch mode access)

 

Server ONE: ip address 10.71.0.12 (CANNOT reach the gateway)

ipconfig:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.71.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.71.0.1

 

C:\Users\Administrator>ping 10.71.0.1

Pinging 10.71.0.1 with 32 bytes of data:
Reply from 10.71.0.12: Destination host unreachable.
Reply from 10.71.0.12: Destination host unreachable.
Reply from 10.71.0.12: Destination host unreachable.
Reply from 10.71.0.12: Destination host unreachable.

Ping statistics for 10.71.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

 

C:\Users\Administrator>ping 10.71.0.2

Pinging 10.71.0.2 with 32 bytes of data:
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255
Reply from 10.71.0.2: bytes=32 time<1ms TTL=255

Ping statistics for 10.71.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

Server TWO: ip address 10.71.0.10

C:\Users\Administrator>ping 10.71.0.1

Pinging 10.71.0.1 with 32 bytes of data:
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.71.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Administrator>ping 10.71.0.2

Pinging 10.71.0.2 with 32 bytes of data:
Reply from 10.71.0.10: Destination host unreachable.
Reply from 10.71.0.10: Destination host unreachable.
Reply from 10.71.0.10: Destination host unreachable.
Reply from 10.71.0.10: Destination host unreachable.

Ping statistics for 10.71.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

 

Server THREE: ip address 10.71.0.13

C:\Users\Administrator>ping 10.71.0.1

Pinging 10.71.0.1 with 32 bytes of data:
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255
Reply from 10.71.0.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.71.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

C:\Users\Administrator>ping 10.71.0.2

Pinging 10.71.0.2 with 32 bytes of data:
Reply from 10.71.0.13: Destination host unreachable.
Reply from 10.71.0.13: Destination host unreachable.
Reply from 10.71.0.13: Destination host unreachable.
Reply from 10.71.0.13: Destination host unreachable.

Ping statistics for 10.71.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

15 Replies 15

kindly please could you instead of helpful thump up, can you give me a point to resolve solution
thanks. gland to help
please do not forget to rate.
Review Cisco Networking for a $25 gift card