Failover (up but not working???)

Unanswered Question
Sep 16th, 2008
User Badges:

hi all,

i have configured failover on my 2 ASA but the secondary unit state is : (Secondary - Failed) as shown below. i have configured LAN-Based Failover and stateful failover on the same gig interface.

Could any one assist me please! Thanks...


=

Updated:

I have found that following information:

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 2

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled

UC Proxy Sessions : 2

This platform has an ASA 5520 VPN Plus license.


Does that mean that the license is the problem?

====


Kindly find attached the output of the show commands: (sh failover & sh failover state)



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
chris.rae07 Tue, 09/16/2008 - 19:43
User Badges:

Make sure that your failover interfaces are in the up/up state, and that they are not administratively down.


Chris

m.samouka Wed, 09/17/2008 - 01:08
User Badges:

hi, according to the attached show commands the interface is up and the configuration have been successfully replicated on the secondary but the problem is that when i display the status of the failover i found that the status of the Secondary ASA is: Secondary - Failed.


when i enter the commands to switch the ASA from active to standby (no failover active) or on the other ASA (failover active) the process failed.

i'm wondering do i have to contact cisco to change the license on the ASA from Active/Active to Active/Standby as mentioned above?

suschoud Wed, 09/17/2008 - 05:01
User Badges:
  • Gold, 750 points or more

Active/active failover license means that you can setup Active/active as well as Active/standby failover between the units.



Regards,

Sushil

suschoud Wed, 09/17/2008 - 04:59
User Badges:
  • Gold, 750 points or more

The problem here is that the management interfaces :


inside_management

management



have no link between the units.



Issue :



no monitor-interface inside_management

no monitor-interface management



Above commands would effectively stop failover machanism to monitor these two interfaces.



OTHERWISE,CONNECT CABLE BETWEEN THESE INTERFACES JUST AS WITH THE REST OF THE INTERFACES AND ASSIGN ACTIVE/STANDBY IP ADDRESSES ON INTERFACES.



Please rate if helpful



Regards,

Sushil

Actions

This Discussion