Failover failed in ASA 5510

Answered Question
Aug 3rd, 2009

Hello:

Hope someone can help me with this issue; today I spent several hours on it but I wasn't able to fix it.

Two ASA 5510 appliances configured for failover through the management interface. At the beginning, both were connected to a switch with 2 sub-interfaces on each one, one VLAN for synchro and the other one for stateful.

As it didn't work, I connected both ASAs directly, configuring only the monitoring interface. I have ping between them, both interfaces are up and I removed the command "management-only" from management. Both have the same license, model and version, but always show the same error:

Failover LAN Interface: controlasa Management0/0 (Failed - No Switchover)

Attached is the output of the following commands from both ASAs:

- show run failover

- show failover

- show version

- show run management 0/0

Hope someone sees what is happening...

Many thanks,

Francisco

srue Mon, 08/03/2009 - 06:40

It looks like neither ASA can see the other fully. Check your switchport assignments as far as the VLANs go.

Make sure your interfaces are not shut down on either one.

Francisco Del Cura Mon, 08/03/2009 - 06:51

Right now the two ASAs are connected directly, both interfaces are up/up (there is connectivity between them through ping)

Correct Answer
srue Mon, 08/03/2009 - 06:56

What do you mean both interfaces? You have 4 regular interfaces defined (inside, outside, 2xdmz). Check the VLAN configuration on those switch ports.

Francisco Del Cura Mon, 08/03/2009 - 07:04

By both interfaces I mean the management interfaces on the appliances.

Yes, they have 4 interfaces. The primary has all of them connected and up, and it's providing connectivity to the customer. The secondary only has the management interface connected and up (connected to the other ASA). I didn't connect the regular interfaces because the failover is not working and I would have duplicate IP issues.

srue Mon, 08/03/2009 - 07:14

Failover's not working because you haven't connected all interfaces on the secondary.

On the secondary there should be NO configuration other than your failover commands and bringing each interface out of the shutdown state.

Reset the config on the secondary (wr er) and then copy/paste in the failover config AFTER you've plugged in ALL interfaces.
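Added example, not part of the thread: a sketch of the minimal secondary configuration the last reply describes, for an ASA 5510 that has been erased and has every data interface cabled. The link name `controlasa` and `Management0/0` come from the original post; the IP addresses are constructed placeholders, and the Ethernet port numbering and the shared stateful link are assumptions.

```cisco
! Secondary unit only. Start from an erased config ("wr er") with all
! interfaces cabled to the same segments as the primary's.

! 1. Bring every interface out of shutdown; no nameif, no IP addresses,
!    no ACLs here. The secondary receives all of that from the primary.
interface Ethernet0/0
 no shutdown
interface Ethernet0/1
 no shutdown
interface Ethernet0/2
 no shutdown
interface Ethernet0/3
 no shutdown
interface Management0/0
 no shutdown

! 2. Failover bootstrap. Everything except "lan unit" must match the primary.
failover lan unit secondary
failover lan interface controlasa Management0/0

! Placeholder addressing (constructed): first address is the active unit's,
! "standby" is the standby unit's. The same line goes on both units.
failover interface ip controlasa 192.0.2.1 255.255.255.252 standby 192.0.2.2

! Assumption: stateful failover shares the LAN failover link.
failover link controlasa Management0/0

! Optional hardening: without a key, failover traffic (including the
! replicated configuration) crosses the link in clear text. The key must be
! identical on both units.
! failover key <shared-secret>

! 3. Enable failover last, then check state with "show failover".
failover
```

Once the units see each other, the data interfaces in `show failover` only leave the failed or waiting state if each one can reach its peer, which is why every interface on the secondary has to be cabled and up before failover is enabled.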
