in order to help you it would be better if you share your ASA configuration. ... View more

use the section 3 of the NAT.   it would be some thing like this.   object network INSIDE  subnet 192.168.1.0 255.255.255.0 nat (inside,outside) after-auto source dynamic any interface ... View more

hmm... here some of the tips you can you to see what is happening.   show conn 192.168.20.71 ! show local-host 192.168.20.71 or show local-host 192.168.20.71 brief ! show service-policy flow tcp host 192.168.20.71 host 8.8.8.8   ... View more

hi see the link     https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/release/notes/asarn96.html#ID-2152-0000000a     ... View more

dot1x-ev:DOT1X Supplicant not enabled on FastEthernet0/3   Interface Fast0/3  dot1x pae auth  authentication port control auto  authentication order mab dot1x  authentication prio dot1x mab  authentication host-mode multi-auth   (only in case if you on vmware workstation etc.)       ... View more

i also noted your port-channel 2 is missing the ip address too. Which make sense but you missing the standby ip addres which is why your active passive not working properly.     FW-1 Port-channel2 10.112.1.4 YES CONFIG up up   FW-2 Port-channel2 unassigned YES CONFIG up up     and looking into your configuation you have used the same ip address twice.   FW2 ! interface Port-channel2 lacp max-bundle 8 nameif YYY security-level 1 ip address 10.112.1.4 255.255.255.0   --- FW-1 ! interface Port-channel2 lacp max-bundle 8 nameif YYY security-level 1 ip address 10.112.1.4 255.255.255.0   ... View more

Hi you have problem with your failover config on setup. you need to give standby ip address to those interface which you are monitoing.  if you put the config site by site of the show failover you will see the ip addres are not seen on the other box which is why you having this issue. ! Version: Ours 9.5(2), Mate 9.5(2) Last Failover at: 13:37:34 UTC Mar 10 2019 This host: Primary - Standby Ready Active time: 16 (sec) slot 0: ASA5512 hw/sw rev (1.0/9.5(2)) status (Up Sys) Interface management (0.0.0.0): No Link (Not-Monitored) Interface XXX (10.111.4.9): Normal (Monitored) Interface YYY (0.0.0.0): Normal (Not-Monitored) slot 1: SFR5512 hw/sw rev (N/A/5.3.1-152) status (Up/Up) ASA FirePOWER, 5.3.1-152, Up, (Monitored) Other host: Secondary - Active Active time: 198 (sec) slot 0: ASA5512 hw/sw rev (1.0/9.5(2)) status (Up Sys) Interface management (192.168.1.1): Normal (Not-Monitored) Interface XXX (10.111.4.10): Normal (Monitored) Interface YYY (10.112.1.4): Normal (Not-Monitored) slot 1: SFR5512 hw/sw rev (N/A/5.3.1-152) status (Up/Up) ASA FirePOWER, 5.3.1-152, Up, (Monitored) ... View more