06-12-2007 11:50 AM - edited 03-11-2019 03:28 AM
The Standby ASA5520 started logging the following message sequence for each interface:
(1)%ASA-1-105005: (Primary) Lost Failover communications with mate on interface ________
(2)%ASA-1-105008: (Primary) Testing Interface ________
(3)%ASA-1-105009: (Primary) Testing on interface ________ Passed
This is repeated over and over.
The ASAs appear to be operating OK in spite of the messages.
06-19-2007 03:48 AM
. This message is displayed if this unit of the failover pair can no longer communicate with the other unit of the pair. (Primary) can also be listed as (Secondary) for the secondary unit.
Recommended Action Verify that the network connected to the specified interface is functioning correctly.
This message reports the result (either Passed or Failed) of a previous interface test. If the result is Failed, you should check the network cable connection to both failover units, that the network itself is functioning correctly, and verify the status of the standby unit.
Refer this link:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/failover.htm
06-19-2007 08:33 AM
Pengke11, Thanks for replying.
Observations:
(1)There is a direct connection between the Management0/0 Interfaces of the two ASA5520 units.
(2)This connection is used for both Failover and the Stateful Failover links.
(3)The cable does NOT appear to be a crossover cable.
(4)The Management0/0 interface is set to Full-duplex and 100 mbps. The other interfaces are Full Duplex and 1000 mbps.
(5)When the units are rebooted, the error goes away, but they eventually return.
(6) Except for the error messages that the standby unit is issuing, everything seems to be running OK.
Should the direct connection between the ASAs be using a crossover cable?
06-24-2007 08:03 PM
Yes the connections should be using a x-over. They are not auto midix so this will fail.
Interesting that your using the management interface as the failover link. In most cases we have used one of the gi interface. This may cause some trouble??
06-25-2007 08:22 AM
I replaced the cable with a x-over. Errors still occuring.
I guess the guy who set up the ASAs ran out of Gig interfaces, so he used the Mgt interface. What is it normally used for?
I may try to free up one of the Gig interfaces and use it for fail-over.
Thanks.
06-25-2007 09:47 AM
hi,
I am curious to know if this problem suddendly developed or has it been as such for a while.
From what I have read on ASA's and 7.x code I have not encounter any text indicating the management interface being bound to be only management. Well, there is a sea of information and I may be wrong . I would carefully review requirements/guidelines in failover implementations
and both ASA's failover configurations , look into avery possible angle , lisencing etc.., at least you have ruled out
the physical.
Failover link, primary an secondary units configuration
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/failover.html#wp1055300
Configuring LAN-Base Active/Standby Failover
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/failover.html#wp1051745
HTH
Jorge
06-25-2007 10:21 AM
It just started a few weeks ago, all of a sudden. It started not long after I upgraded the ASA from 7.1(1) to 7.2(2).
08-04-2008 09:20 AM
Hi,
Do you still have this issue? My ASA 5520 just started with these messages over the weekend and my cables seems to be ok. I'm on version 7.2.2, perhaps a bug?
08-04-2008 09:23 AM
No. As I recall, Cisco sent me a replacement ASA5520 to resolve this issue.
08-04-2008 09:25 AM
Ok, thanks. I'm leaning towards that direction as well, since I have 2 interfaces on my ASA with this issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: