ASA5520 Active/Standby Failover

Unanswered Question
Jun 12th, 2007

The Standby ASA5520 started logging the following message sequence for each interface:

(1)%ASA-1-105005: (Primary) Lost Failover communications with mate on interface ________

(2)%ASA-1-105008: (Primary) Testing Interface ________

(3)%ASA-1-105009: (Primary) Testing on interface ________ Passed

This is repeated over and over.

The ASAs appear to be operating OK in spite of the messages.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Tue, 06/19/2007 - 03:48

. This message is displayed if this unit of the failover pair can no longer communicate with the other unit of the pair. (Primary) can also be listed as (Secondary) for the secondary unit.

Recommended Action Verify that the network connected to the specified interface is functioning correctly.

This message reports the result (either Passed or Failed) of a previous interface test. If the result is Failed, you should check the network cable connection to both failover units, that the network itself is functioning correctly, and verify the status of the standby unit.

Refer this link:

gdandas Tue, 06/19/2007 - 08:33

Pengke11, Thanks for replying.


(1)There is a direct connection between the Management0/0 Interfaces of the two ASA5520 units.

(2)This connection is used for both Failover and the Stateful Failover links.

(3)The cable does NOT appear to be a crossover cable.

(4)The Management0/0 interface is set to Full-duplex and 100 mbps. The other interfaces are Full Duplex and 1000 mbps.

(5)When the units are rebooted, the error goes away, but they eventually return.

(6) Except for the error messages that the standby unit is issuing, everything seems to be running OK.

Should the direct connection between the ASAs be using a crossover cable?

oricacomms Sun, 06/24/2007 - 20:03

Yes the connections should be using a x-over. They are not auto midix so this will fail.

Interesting that your using the management interface as the failover link. In most cases we have used one of the gi interface. This may cause some trouble??

gdandas Mon, 06/25/2007 - 08:22

I replaced the cable with a x-over. Errors still occuring.

I guess the guy who set up the ASAs ran out of Gig interfaces, so he used the Mgt interface. What is it normally used for?

I may try to free up one of the Gig interfaces and use it for fail-over.


JORGE RODRIGUEZ Mon, 06/25/2007 - 09:47


I am curious to know if this problem suddendly developed or has it been as such for a while.

From what I have read on ASA's and 7.x code I have not encounter any text indicating the management interface being bound to be only management. Well, there is a sea of information and I may be wrong . I would carefully review requirements/guidelines in failover implementations

and both ASA's failover configurations , look into avery possible angle , lisencing etc.., at least you have ruled out

the physical.

Failover link, primary an secondary units configuration

Configuring LAN-Base Active/Standby Failover



gdandas Mon, 06/25/2007 - 10:21

It just started a few weeks ago, all of a sudden. It started not long after I upgraded the ASA from 7.1(1) to 7.2(2).

philiechang Mon, 08/04/2008 - 09:20


Do you still have this issue? My ASA 5520 just started with these messages over the weekend and my cables seems to be ok. I'm on version 7.2.2, perhaps a bug?

gdandas Mon, 08/04/2008 - 09:23

No. As I recall, Cisco sent me a replacement ASA5520 to resolve this issue.

philiechang Mon, 08/04/2008 - 09:25

Ok, thanks. I'm leaning towards that direction as well, since I have 2 interfaces on my ASA with this issue.


This Discussion