Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2597
Views
0
Helpful
2
Replies

ASA5550 automatically rebooted

vivekanand.vishwakarma
Level 1
Level 1

‎12-30-2009 10:26 PM - last edited on ‎03-25-2019 05:44 PM by Community Manager

Hi,

In our setup we have configured LAN base failover in ASA5550 firewalls in Active/Standby mode.Yesterday automatic failover happened and secondary become active and primary in standby mode.

When we checked the primary firewall we found that it was rebooted.

We have not configured the syslog server so we have left no log with us.Even in show tech support we are not finding any log message and crash file info is also not there.

Can we find out the root cause of firewall reboot without syslog or console log message?

Failover messages:

If we see the “show failover history” output on secondary ASA5550 firewall  

we get the following log:

==========================================================================

From State                 To State                   Reason

==========================================================================

00:23:07 IST Dec 23 2009

Standby Ready              Just Active                HELLO not heard from mate

00:23:08 IST Dec 23 2009

Just Active                Active Drain               HELLO not heard from mate

00:23:08 IST Dec 23 2009

Active Drain               Active Applying Config     HELLO not heard from mate

00:23:08 IST Dec 23 2009

Active Applying Config     Active Config Applied      HELLO not heard from mate

00:23:08 IST Dec 23 2009

Active Config Applied      Active                     HELLO not heard from mate

-------------------------------------------------------------------------------------------------------------------

If we see the “show failover history” output on Primary ASA5550 firewall at 00:23:07 

IST Dec 23 2009 there is no log available.

On Primary failover log is available on 00:25:25 IST Dec 23 2009 (After Secondary became Active).

==========================================================================

From State                 To State                   Reason

             

==========================================================================

00:25:25 IST Dec 23 2009

Not Detected               Negotiation                No Error

00:25:32 IST Dec 23 2009

Negotiation                Cold Standby               Detected an Active mate

00:25:34 IST Dec 23 2009

Cold Standby               Sync Config                Detected an Active mate

00:25:46 IST Dec 23 2009

Sync Config                Sync File System           Detected an Active mate

00:25:46 IST Dec 23 2009

Sync File System           Bulk Sync                  Detected an Active mate

00:25:50 IST Dec 23 2009

Bulk Sync                  Standby Ready              Detected an Active mate

Please help me.

Thanks in advance.

Cheers!!!!!!!!

Vivekanand V

Labels:
0 Helpful
2 Replies 2

francisco_1
Level 7
Level 7

‎12-31-2009 03:55 AM

Hello Vivekanand,

Are the ASAs directly connected for the LAN failover or connected to a switch port?

Also what is the software version?

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to francisco_1

‎12-31-2009 12:29 PM

Vivekanand,

Pls. see if the unit shows any output for "sh crash". If so, pls. open a TAC case and provide them the crash info. along with a sh tech and we will be able to decode the crash and let you know if you are running into an already known issue and suggest a code upgrade accordingly.

If this is a new crash then, we would file a defect to address this.

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card