06-29-2020 06:36 AM
Hello,
For 3 weeks, we have our ASA (configured in failover active / standby) which stops working. When it happens, we have to restart them electrically.
After which, it works for 2 or 3 days, and it starts again. The ASAs are unreachable
When this happens, the LED turns green on the 2 asa.
#sh failover
Failover On
Failover unit Primary
Failover LAN Interface: bckfail GigabitEthernet1/8 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.9(1)2, Mate 9.9(1)2
Serial Number: Ours JAD20430GX7, Mate JAD23410L0K
Last Failover at: 09:46:42 CEDT Jun 15 2020
This host: Primary - Active
Active time: 1223049 (sec)
slot 1: ASA5516 hw/sw rev (1.1/9.9(1)2) status (Up Sys)
Interface Outside (62.193.38.42): Normal (Monitored)
Interface Inside (10.39.6.5): Normal (Monitored)
Interface Backup (0.0.0.0): Link Down (Shutdown)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
slot 1: ASA5516 hw/sw rev (3.3/9.9(1)2) status (Up Sys)
Interface Outside (62.193.38.46): Normal (Monitored)
Interface Inside (10.39.6.50): Normal (Monitored)
Interface Backup (0.0.0.0): Link Down (Shutdown)
slot 2: SFR5516 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
slot 2: SFR5516 hw/sw rev (N/A/6.2.2-81) status (Up/Up)
ASA FirePOWER, 6.2.2-81, Up, (Monitored)
Stateful Failover Logical Update Statistics
Link : bckfail GigabitEthernet1/8 (up)
Stateful Obj xmit xerr rcv rerr
General 3231089 0 324537 61
sys cmd 176108 0 176108 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 1182611 0 32737 4
UDP conn 966717 0 61786 29
ARP tbl 897498 0 53269 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 5750 0 461 0
VPN IKEv1 P2 582 0 25 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 133 0 6 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 314 0 0 28
Router ID 0 0 0 0
User-Identity 1378 0 145 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 17 601400
Xmit Q: 0 2048 8974000
#sh failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Standby Ready Comm Failure 08:13:08 CEDT Jun 29 2020
====Configuration State===
Sync Done
====Communication State===
Mac set
06-29-2020 08:53 AM
Have you checked console access when the units are unresponsive? Also, check "show failover history" if you can get the output before doing a power cycle.
07-01-2020 03:58 AM
Hello,
the unit crashes approximately between 2 a.m. and 2:30 a.m.
when i get to work at 8am i have to restart them quickly.
This night, the problem occures. But it was a little bit different. The standby ASA become primary, but the primary fail.
when I try to connect to the console port access directly on the faulty ASA, The system is inaccessible.
So the connection continues to work but with only one asa
when i do a #sh failover history
02:28:40 CEDT Jul 1 2020
Not Detected Negotiation No Error
02:28:46 CEDT Jul 1 2020
Negotiation Cold Standby Detected an Active mate
02:28:47 CEDT Jul 1 2020
Cold Standby Sync Config Detected an Active mate
02:29:07 CEDT Jul 1 2020
Sync Config Sync File System Detected an Active mate
02:29:07 CEDT Jul 1 2020
Sync File System Bulk Sync Detected an Active mate
02:29:21 CEDT Jul 1 2020
Bulk Sync Standby Ready Detected an Active mate
02:36:16 CEDT Jul 1 2020
Standby Ready Just Active HELLO not heard from mate
02:36:16 CEDT Jul 1 2020
Just Active Active Drain HELLO not heard from mate
02:36:16 CEDT Jul 1 2020
Active Drain Active Applying Config HELLO not heard from mate
02:36:16 CEDT Jul 1 2020
Active Applying Config Active Config Applied HELLO not heard from mate
02:36:16 CEDT Jul 1 2020
Active Config Applied Active HELLO not heard from mate
==========================================================================
08-13-2020 02:53 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide