Yes, as I mentioned, I have the security plus license on both ASAs.

I am not seeing much in terms of logs which is why I am a little stuck.  From the show failover history on ASA01 I get the following which the 10:07 is roughly when I enabled it again this morning in my testing attempt:

01:19:15 UTC Mar 10 2014
Active                     Disabled                   Set by the config command

10:07:47 UTC Mar 10 2014
Disabled                   Negotiation                Set by the config command

10:08:33 UTC Mar 10 2014
Negotiation                Just Active                No Active unit found

10:08:33 UTC Mar 10 2014
Just Active                Active Drain               No Active unit found

10:08:33 UTC Mar 10 2014
Active Drain               Active Applying Config     No Active unit found

10:08:33 UTC Mar 10 2014
Active Applying Config     Active Config Applied      No Active unit found

10:08:33 UTC Mar 10 2014
Active Config Applied      Active                     No Active unit found

10:47:17 UTC Mar 10 2014
Active                     Disabled                   Set by the config command

==========================================================================

Hi,

Actually the secondary Unit looks good in regards to failover:

Failover unit Secondary
Failover LAN Interface: FAILOVER_LAN Vlan50 (up)

But The primary ASA failover link is still down

Failover LAN Interface: FAILOVER_LAN Vlan50 (Failed - No Switchover)

Can you check status on the Switch for ports connecting to the ASA, change cables as well.

Note: when you ping from the switch the ARP table pointing to the primary ASA IP address belongs to which Firewal. ASA Primary or Secondary?

That is what I thought too Julio, and that is why I got more confused, because the primary (the one showing down) is the only one I *can* ping from the switch....

You can see the interface status in my sw01.txt file attached where I ran a sh int gi1/0/21.  It is showing up/up.  I have also verified by changing the vlan that port accesses and am able to communicate over it, so it isn't a bad cable/port...and I can ping it as noted.

The arp table on the switch for the 10.0.50.1 (primary failover interface ip) shows the mac address of the primary asa vlan 50 interface.  I would think that is as expected then.

So I am at a loss as to why from the switch I can't ping the secondary (unless that makes sense since it hasn't brought up the secondary address since it hasn't joined the primary yet) but it shows link up, yet I can ping the primary but it shows link down.

*Puzzled*.

Remove the failover configuration.  then set an IP on the failover interface of both ASAs and see if you can ping between them.

--

Please remeber to rate and select a correct answer

Have you tried changing the cable between the ASAs?

Have you tested connectivity between the ASAs?  set an IP address on the interface and ping between them. Please let me know the results.

--

Please remember to rate and select a correct answer

I can ping between the ASAs using another interface/vlan.  The failover interface I cannot ping as it seems to not have brought up the addresses yet on the secondary since it hasn't joined the primary.

From the switch I can ping either on an alternate vlan and on the failover vlan I can only ping the primary asa.