Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
5
Replies

Failover (up but not working???)

m.samouka
Level 1
Level 1

‎09-16-2008 02:47 PM - edited ‎03-09-2019 09:29 PM

hi all,

i have configured failover on my 2 ASA but the secondary unit state is : (Secondary - Failed) as shown below. i have configured LAN-Based Failover and stateful failover on the same gig interface.

Could any one assist me please! Thanks...

=

Updated:

I have found that following information:

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 2

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled

UC Proxy Sessions : 2

This platform has an ASA 5520 VPN Plus license.

Does that mean that the license is the problem?

====

Kindly find attached the output of the show commands: (sh failover & sh failover state)

Labels:
0 Helpful
5 Replies 5

m.samouka
Level 1
Level 1

‎09-16-2008 04:18 PM

.

Preview file
4 KB
0 Helpful

chris.rae07
Level 1
Level 1

‎09-16-2008 07:43 PM

Make sure that your failover interfaces are in the up/up state, and that they are not administratively down.

Chris

0 Helpful

m.samouka
Level 1
Level 1
In response to chris.rae07

‎09-17-2008 01:08 AM

hi, according to the attached show commands the interface is up and the configuration have been successfully replicated on the secondary but the problem is that when i display the status of the failover i found that the status of the Secondary ASA is: Secondary - Failed.

when i enter the commands to switch the ASA from active to standby (no failover active) or on the other ASA (failover active) the process failed.

i'm wondering do i have to contact cisco to change the license on the ASA from Active/Active to Active/Standby as mentioned above?

0 Helpful

suschoud
Cisco Employee
Cisco Employee
In response to m.samouka

‎09-17-2008 05:01 AM

Active/active failover license means that you can setup Active/active as well as Active/standby failover between the units.

Regards,

Sushil

0 Helpful

suschoud
Cisco Employee
Cisco Employee

‎09-17-2008 04:59 AM

The problem here is that the management interfaces :

inside_management

management

have no link between the units.

Issue :

no monitor-interface inside_management

no monitor-interface management

Above commands would effectively stop failover machanism to monitor these two interfaces.

OTHERWISE,CONNECT CABLE BETWEEN THESE INTERFACES JUST AS WITH THE REST OF THE INTERFACES AND ASSIGN ACTIVE/STANDBY IP ADDRESSES ON INTERFACES.

Please rate if helpful

Regards,

Sushil

0 Helpful
Customers Also Viewed These Support Documents