Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
0
Helpful
3
Replies

ASA 5510 failover failure

r.mikes
Level 1
Level 1

‎02-13-2007 03:17 AM - edited ‎03-11-2019 02:32 AM

Hi,

I have experiensed failover failure on the new instalation of pair of ASA 5510 7.2(2). I use multi context mode but actualy in Active/Standby mode. Only the reason fro multi context is the preemtion option only supported in multiple mode.

The problem is that after restart of the primary/activ box it fall in to state "failover off" or "could standby".

Only recovery procedure to get the failover up and running is switch off the secondary box, restart the primary and finaly switch on the secondary again.

This behavior was seen only when restarting the active. If I simulate other failure e.g. interface disconnect it works fine.

Can someone advise if:

1. Configuration with single failover group is valid ?

2. If someone experienced similar behavior. Or have any idea.

See the failover configuration:

failover

failover lan unit primary

failover lan interface failover Ethernet0/3

failover polltime unit 2 holdtime 10

failover key *****

failover link failover Ethernet0/3

failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2

failover group 1

preempt

polltime interface 2 holdtime 10

Thanks for any ideas.

Regards

Roman

Labels:
0 Helpful
3 Replies 3

joshdughi
Level 1
Level 1

‎02-13-2007 11:27 AM

Hi, Roman;

Roman, I don't have an immediate answer, but, as I looked at your "Show Fail" response, it prompts the question:

Are you showing the 'fail' commands for the Active (unrestricted license) box, or are you showing the 'fail' command for the standby (FO license) box? It appears to me that you are showing the 'fail' commands response from the Active (unrestricted license) box.

Good luck with figuring it out.

Josh

0 Helpful

r.mikes
Level 1
Level 1
In response to joshdughi

‎02-13-2007 11:57 PM

Josh,

the boxes are ASA which does not dostinguish UR or FO licneses. This platform has an ASA 5510 Security Plus license which is FO capable.

The "show run failover" is of course from the primary box. The secondary has the same config with only exeption "failover unit secondary" command.

Thatnx for your reply.

Regards

Roman

0 Helpful

joshdughi
Level 1
Level 1
In response to r.mikes

‎02-14-2007 07:44 AM

Hi, Roman;

Thank you for your clarification. I have - with yours and others such communications - piecemealed that together (now figured that out, or learned that.)

I did observe, however, that the config that was originally posted did say, "failover unit primary". You had reported that your efforts were with the failover unit. Since the config said, "failover unit primary", I am guessing that now our further clarification is that you WERE working with the Primary unit that had now fallen into a "standby" mode (or function/capacity).

My experience(s) have/had only dealt with the issue, or matter of the FO-licensed unit (and now I see/understand that it is/may not be applicable in the context of ASA's) being hard-coded to reboot every 24th hour.

Well, I'll be interested in learning how this ultimately is resolved.

Good luck, in the meanwhile.

Sincerely,

Josh

joshdughi@yahoo.com

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card