VSS Core to ASA Active/Standby- Port Flapping

Unanswered Question
Aug 23rd, 2010
User Badges:

Has anyone implemented a VSS Core to ASA Active/Standby pair, where the inside interface of the ASA primary is in VSS Switch 1 and the inside interface of the ASA Secondary is in VSS Switch 2 and the port on the switch plugged into the ASA secondary is continually going up and down?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kureli Sankar Mon, 08/23/2010 - 06:31
User Badges:
  • Cisco Employee,

Transparent or routed mode firewall?

Assuming it is a new install, if you leave the pri/act turned off, does the port on the sec/standby inside interface still goes down and up?

Try to change

1. cable

2. port on the swtich

3. verify speed duplex settings on both end.

and see if that makes any diff.


bimckenz Mon, 08/23/2010 - 06:36
User Badges:

This isn't a new implementation. The only thing that was changed is that the ASA pair went from

being plugged into a 6509 to being plugged into a VSS pair. everything else is the same. The port on the switch that is plugged into the ASA secondary comes up for a second and then immediately goes down and this repeats. I was wondering if there were any caveats with VSS and ASA active/passive pairs.

Kureli Sankar Mon, 08/23/2010 - 06:46
User Badges:
  • Cisco Employee,

I have not heard of any known caveats. You may want to try the options that I mentioned about.

If it doesn't do it for the other interface but only for the inside interface I'd suspect either the ASA port or the swtich port or the cable.



This Discussion