Core issue
These are two of the possible reasons for the normal Waiting state error message:
- A configuration mistake when the standby IP address is provided.
- Portfast is not enabled on switch ports.
Resolution
Complete these steps for a workaround:
- Check if you provided the standby IP addresses along with the IP addresses for each interface on the primary firewall.
- Cisco strongly recommends that you enable port-fast on all switch ports that connect to ASA interfaces. In addition, channeling and trunking should be disabled on these ports.Thus, if the interface of the PIX goes down during failover, the switch does not have to wait 30 seconds while the port is transitioned from a listening to learning to forwarding state.
Refer to Configuring Failover for more information on the ASA failover setup.