Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1539
Views
0
Helpful
0
Replies

ASA- Interface monitoring is not triggering the failover

sfarazaz123
Level 1
Level 1

‎07-25-2019 05:49 AM - edited ‎02-21-2020 09:20 AM

Hi all,

I am testing Cisco ASA H-A with our ACI switches. i m using port channel on ASA + vPC on the ACI switches.

I have two port channels

1) data --> inside and outside with sub-interfaces as po1.114 and po1.115 for example

2) failover --> po2 (g1/7 and g1/8).

Each p channel has two physical interfaces bundled together. Every thing is working fine in failover setup. I m monitoring the inside and outside interface. The issue i m setting is that when i shutdown the inside subinterface on the active firewall no failover occurs same for outside sub-interface as well. i wait for 5 minutes but nothing happen. the interface poll time is default configured. 5 and 25 sec but nothing happen. 

what i want is 

when inside or outside subinterface is down failover should occur. also when i shout down complete port channel it should also failover.

I need you help to configure it correctly. Let me know what config you would like to see for that.

I read in the documentation that physical interfaces are monitored by default but not the sub-interfaces. Is that mean if i shutdown both interfaces (i.e. g1/1 and g1/2) in the po1 than failover occurs ?

Thanks in advance.

 

Best Regards

far

0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card