
ASA 5520 Failover pair failure! How do I kill the standby and start over?

I was working late last night making some changes that were borderline "experimental" on my primary ASA 5520.  When the changes I made didn't work out, I went in and restored to an earlier configuration using ASDM.  I had done the same thing earlier that evening without any problems.  But the second time I restored the configuration, I lost connection to the ASA and all hell broke loose.

It appears that the standby partner detected a failure, and took the lead.  But I am not sure what configuration it held.  Some of the changes that I had made involved moving address information off of a physical interface and onto a sub-interface.

When I was able to get reconnected to my primary (or was it the secondary now running as the primary?) I could see a string of nasty messages being logged about packets being received on an "unknown interface" and a repeating ARP conflict message on my Failover interface, example: "Received ARP request collision from 172.17.2.1/0019.0665.3ff6 on interface Failover".

The only way I was able to bring things sane again was to shut OFF the standby unit, and reboot the primary.  After things settled, I did try to boot up the standby again, but all external connections dropped and the messages started pouring in again.  So, back off with the standby and rebooted the primary again.  Since then, it's smooth sailing.  The only problem of course, is that I am operating on a prayer that the primary won't take a dive on me.

I have put a call into my upper support team to get assistance with this problem, and I know that they will come through for me.  In the meantime, I am looking for advice or morbid curiosities from the community.

I think what I want to do - is to forget that there ever was a standby (connect a console cable and format flash? -- with all other connections unplugged) and then re-establish from the current primary.  Or - would that be a bad thing to do?  I searched and couldn't really find any relevant documentation.

Thanks,

-Steve Ballantyne

1 Reply

ALIAOF_
Level 6

So I'm assuming you want to just erase the config on the Standby ASA that is not plugged in and start from scratch. 

http://news.mali77.com/index.php/2012/04/clearing-resetting-or-erasing-configuration-on-cisco-asa/

http://news.mali77.com/index.php/2011/09/addingconfiguring-a-failover-cisco-asa/

These articles should help. You can first console into the standby ASA (make sure it is not plugged into the network yet).  Clear everything.  Then add it as a standby pair to your primary ASA.
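The wipe-and-rejoin procedure from the reply above, as an added example that is not part of the original thread or the linked articles. The physical port `GigabitEthernet0/3`, the subnet mask, the standby address `172.17.2.2` and the key placeholder are assumptions; the real values must be copied from `show running-config failover` on the primary.

```cisco
! Added example. Run from the console of the standby unit with every
! network cable unplugged.
!
! 1. Erase the stale startup configuration and reboot to an empty one.
write erase
reload
!
! 2. After the reload, enter only the failover bootstrap. Everything else
!    is replicated from the active unit once the pair forms.
enable
configure terminal
! Assumed port for the failover link; use the port the primary uses.
interface GigabitEthernet0/3
 no shutdown
exit
failover lan unit secondary
! "Failover" is the interface name seen in the poster's log message.
failover lan interface Failover GigabitEthernet0/3
! 172.17.2.1 appears in the log; mask and standby address are assumed.
! This line must be identical to the one on the primary.
failover interface ip Failover 172.17.2.1 255.255.255.0 standby 172.17.2.2
! Only if the primary has a failover key configured (placeholder value).
failover key <SAME-KEY-AS-PRIMARY>
failover
write memory
!
! 3. Connect the failover link first, then the data interfaces, and confirm
!    on the primary that this unit shows as "Standby Ready".
show failover
```

Because the secondary carries no interface or address configuration of its own at this point, it cannot answer for the primary's addresses before replication completes.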
