Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2341
Views
0
Helpful
8
Replies

ASA Active/Standby (failover)

anishkmr0071
Level 1
Level 1

‎10-08-2020 10:57 AM

Hello everyone,

i have 2 ASA5520,

configured Active/Standby.

on the primary unit, it has 3 interfaces configured and connected(outside, inside--g0/1.200 and one more Lan interface)

so whenever we connect the secondary ASA, the Inside port shuts down by itself (both on the LAN switch port and asa inside port). all other interfaces on secondary function well and the primary unit detect the mate and start replicating. after replication ends. the inside port of the secondary unit will shut down by itself ( ASA inside port-g0/1.200) 

can anyone help with this issue?

Labels:
0 Helpful
8 Replies 8

Rob Ingram
VIP
VIP

‎10-08-2020 11:02 AM

Hi @anishkmr0071 

What is the configuration of the switch interfaces?

Does the interface on the switch err-disable?

Any logs associated with this event on the switch?

 

0 Helpful

anishkmr0071
Level 1
Level 1
In response to Rob Ingram

‎10-09-2020 09:47 AM

the interface is a trunk and not configured any port-security. but still, used shutdown and no shutdown commands. still, it's the same. 

this event happened long back. so, no recorded event for this issue on the switch.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-08-2020 11:03 AM

Can you post logs to look at what is the issue - this is not expected behavior.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

anishkmr0071
Level 1
Level 1

‎10-08-2020 12:45 PM

Attached is the config, on switches and ASA.

 

i will try to find the logs. is there any specific commands you want me to try?

Preview file
8 KB
Preview file
5 KB
Preview file
29 KB
Preview file
5 KB
Preview file
6 KB
Preview file
7 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-08-2020 02:14 PM

Can you post-show failover on the standby unit.  - how is your Gi0/3 ASA connected back to back or connected to switch ?

 

what you see on the switch - show logging post all logs

 

Do you have any rough diagram of how these devices connected to what port?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

anishkmr0071
Level 1
Level 1
In response to balaji.bandi

‎10-09-2020 09:45 AM

Hi,

Gi0/3 on both ASA are connected directly, 

the inside interface on ASA is gi0/1.200.

pls, see the attached diagram and failover of secondary.

 

Preview file
36 KB
Preview file
108 KB
Preview file
40 KB
0 Helpful

Sheraz.Salim
VIP
VIP
In response to anishkmr0071

‎10-10-2020 02:14 AM - edited ‎10-10-2020 02:22 AM

The issue seems to be at the inside interface as it showing as waiting.

 

could you please confirm if you can ping either from Active ASA to ping 10.253.0.2 or from Standby ASA to ping 10.253.0.1?

also could you confirm if you can see the mac address of inside interface on your switche/s?

does vlan 200 intself exisits on each single switche/s?

 

also could you run the command show monitor-interface

 

by default sub-interface are not in monitoring mode you have to configure it to monitor it.

post the configuration of swiches show span tree vlan 200
!
show span detail|i ieee|changes|occ|from|.exec

please do not forget to rate.
0 Helpful

anishkmr0071
Level 1
Level 1
In response to Sheraz.Salim

‎10-12-2020 03:59 PM

hi Salim,

1) cannot able to ping the 10.253.0.2 from 10.253.0.1

2) i can see the mac address of the primary ASA. but I cannot see the mac address of secondary ASA.

3) yes vlan 200 exist on all the switches. 

4) Attached show monitor-interface output

5) Output of show spanning-tree clan 200 

is there a command to reset the failover on secondary?? 

 

 

Preview file
12 KB
Preview file
19 KB
0 Helpful
Customers Also Viewed These Support Documents