Re: ASAv Act/Pass HA HyperV Propergating ARP

Mux · ‎12-07-2021

G'day

I have an environment with two HyperV (HPX) servers in the same domain.

HPX01 has AD01

HPX02 has AD02

both residing in the same VLAN, independently connected via LACP to a 3850 (16.12), which is running OSPF.

We have built a proof of concept(POC) with an ASAv installed on each HPX as a virtual appliance... However, since this initial POC, we can't get the two ASA's to pass ARP / IP's that are specific to the other HPX - e.g. HPX-AD01 can't ping or connect to HPX-AD02 specific IP - 10.10.10.20/24 can't ping 10.10.10.22 /24 - They are in the network, residing on different HXP.

We have now have to install ASAv on both HPX, and need to iron out this config.

ASA's running in Active / Passive mode and they are syncing configs.
I can see OSPF routes updating between the Switch and ASA's
HPX-ASA01 can ping local servers in LAN 30 (VLAN300), but can't ping any on HPX-ASA02
HPX-ASA02 can ping local servers in LAN 30 (VLAN300), but can't ping any on HPX-ASA01
Since installing the ASAv(s) now the HyperV Servers can't connect (so it's not just icmp) HyperV manager or sync
sh arp on HPX-ASA02, only sh's arps for HPX-ASA01.

Thoughts? Suggested troubleshooting?

Cheers,

Mux

Jon Marshall · ‎12-08-2021

The virtual switch you created was an external switch ?

Is vlan 300 the inside interface of the ASAs ?

Are you allowing vlan 300 on the team that connects each hypervisor to the 3850 switch ?

Are you using the management vlan for the hypervisors for the ASAs as well ie. are the outside interfaces of the ASAs in the management vlan ?

Also just to clarify these are two separate hyper-v servers ie. you are not running them in a cluster are you ?

If you could explain the topology in a bit more detail ie. vlans/IP subnets in use etc. that might help.

Jon