i have 2 ASA5520,
on the primary unit, it has 3 interfaces configured and connected(outside, inside--g0/1.200 and one more Lan interface)
so whenever we connect the secondary ASA, the Inside port shuts down by itself (both on the LAN switch port and asa inside port). all other interfaces on secondary function well and the primary unit detect the mate and start replicating. after replication ends. the inside port of the secondary unit will shut down by itself ( ASA inside port-g0/1.200)
can anyone help with this issue?
What is the configuration of the switch interfaces?
Does the interface on the switch err-disable?
Any logs associated with this event on the switch?
the interface is a trunk and not configured any port-security. but still, used shutdown and no shutdown commands. still, it's the same.
this event happened long back. so, no recorded event for this issue on the switch.
Can you post-show failover on the standby unit. - how is your Gi0/3 ASA connected back to back or connected to switch ?
what you see on the switch - show logging post all logs
Do you have any rough diagram of how these devices connected to what port?
The issue seems to be at the inside interface as it showing as waiting.
could you please confirm if you can ping either from Active ASA to ping 10.253.0.2 or from Standby ASA to ping 10.253.0.1?
also could you confirm if you can see the mac address of inside interface on your switche/s?
does vlan 200 intself exisits on each single switche/s?
also could you run the command show monitor-interface
by default sub-interface are not in monitoring mode you have to configure it to monitor it.
post the configuration of swiches show span tree vlan 200
show span detail|i ieee|changes|occ|from|.exec
1) cannot able to ping the 10.253.0.2 from 10.253.0.1
2) i can see the mac address of the primary ASA. but I cannot see the mac address of secondary ASA.
3) yes vlan 200 exist on all the switches.
4) Attached show monitor-interface output
5) Output of show spanning-tree clan 200
is there a command to reset the failover on secondary??