asa5505 failover - then inconsistent state times in sh fail

qubenetworks · ‎08-21-2009

Hi all,

today we had a failover event on a pair of asa5505's running 7.2(4). The standby took over fine and no impact was seen to traffic, strangely, after 58 minutes the primary came back and took over. Running show fail on both units gives the correct info for the standby, but the active unit reports that it has not failed since April (installation date). The switches show no interface problems or anything that could have caused failover, the failover link is switched and no bounce there either.

Basically, the unit has ceased passing traffic for no apparent reason, failed over and then not has recorded this failover to show in the show fail output on the primary.

Has anybody ever seen a similar problem with 5505's running this code, I can't seem to find anything untoward in any of the output or from the logs on the switches?

robertson.michael · ‎08-21-2009

Hi Toby,

Have you also checked the output of 'show fail history' and any syslogs you may have from the time of the failure? This may give you some more insight into what caused the failure.

Hope that helps.

-Mike

qubenetworks · ‎08-24-2009

Hi Mike, thanks for the tip, afraid the output gives nothing useful on the active and a 'hello not heard from mate' on the standby - once again seeming to indicate the active unit stopped processing IP packets. The customers traffic is quite low and I saw nothing in the syslogs, I'm guessing when the event happened, the syslog messages failed to get sent out. It has been stable for a few days now, so I am just going to keep an eye on it and if it goes again, try a hard reboot.

Thanks

Toby