cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ASA Failover issue

380
Views
0
Helpful
4
Comments
Beginner

Failover unit Primary
Failover LAN Interface: FailoverLink GigabitEthernet0/7 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 5 of 316 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.8(2)24, Mate 9.8(2)24
Serial Number: Ours FCH20357LU9, Mate FCH20357LXQ
Last Failover at: 13:29:48 EST Jan 21 2020
This host: Primary - Active
Active time: 77871 (sec)
slot 0: ASA5545 hw/sw rev (3.0/9.8(2)24) status (Up Sys)
Interface outside (x.x.x.x)): Normal (Monitored)
Interface inside (x.x.x.x)): Normal (Monitored)
Interface mpls (10.10.1.2): Normal (Waiting)
Interface dmz (1x.x.x.x)): Normal (Monitored)
Interface management (x.x.x.x)): Normal (Monitored)
slot 1: SFR5545 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
slot 1: SFR5545 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5545 hw/sw rev (3.0/9.8(2)24) status (Up Sys)
Interface outside (x.x.x.x): Normal (Monitored)
Interface inside (x.x.x.x): Normal (Monitored)
Interface mpls (10.10.1.3): Failed (Waiting) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<   this interface failed
Interface dmz (x.x.x.x): Normal (Monitored)
Interface management (x.x.x.x): Normal (Monitored)
slot 1: SFR5545 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
slot 1: SFR5545 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)

 

 

Fiera-ASA-1# sh failover his
==========================================================================
From State To State Reason
==========================================================================
17:02:23 EST Jan 21 2020
Sync Config Sync File System Detected an Active mate

17:02:23 EST Jan 21 2020
Sync File System Bulk Sync Detected an Active mate

17:02:36 EST Jan 21 2020
Bulk Sync Standby Ready Detected an Active mate

17:02:37 EST Jan 21 2020
Standby Ready Failed Detect service card failure

17:03:22 EST Jan 21 2020
Failed Standby Ready My service card is as good as peer

17:03:32 EST Jan 21 2020
Standby Ready Failed Interface check

 

a very strange issue, one of the interface on the secondary ASA  changed the state to failed(before was ok), the link is up and no connection issue. rebooted the secondary ASA but still had no luck. 

 

any idea? please help.

 

thanks.

4 Comments
VIP Advisor
Check any SSP Module having issue reseat them and test as per below message. Standby Ready Failed Detect service card failure
VIP Collaborator

This is the same box we had issue with we are using 5545-X series. We were on version 9.8.3. We had issue was when we do a manual failover from primary active to secondary standby the other unit always reboots. Open a tac case they recommend to go with 9.8.4 gold star. That’s did not fix the issue. Strange thing was when other unit reboot no crash file generated. Tac firewall team recommended to updrade to 9.12 version. Since we upgraded 5545 to 9.12 from 9.8.3 the issue is fixed. We spend more than a month for upgrades due to nature of business.

 

do a upgrade 9.3 is a buggy software.

Beginner

thanks, we are currently using version 9.8(2)24, i think update the software might be a good try.

VIP Collaborator

yes please do not forget to rate the post or accept as solution as this will help other engineer like you and me too.

Thank in advance