Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5580 with 4*10 GB module act/act failover not working

If we switch from primary to secondary firewall the interfaces on the secondary  go to state waitung than to failed.

after awhile the secondary gives the control to the primary.

it seem that traffic passes the secondary firewall during this short failover time .

we have several context created  on the firewall, Switch Ports checked , cabeling check everythink checked

blackhole Interface inside (10.255.102.134): Normal (Waiting)

blackhole Interface shared (10.255.102.134): Normal (Waiting)

               

blackhole Interface inside (10.255.102.133): Failed (Waiting)

blackhole Interface shared (10.255.102.133): Normal

blackhole Interface inside (10.255.102.133): Normal (Waiting)

blackhole Interface shared (10.255.102.133): Normal

any idea

Thanks in advanced

5 REPLIES
Cisco Employee

ASA 5580 with 4*10 GB module act/act failover not working

Alfred,

You will see this behavior when the monitoring packets between interface are getting lost. You can try to capture the traffic between the two units and you will notice if the packets the packets are actually getting lost.

Luis Silva

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

ASA 5580 with 4*10 GB module act/act failover not working

Hi Luis

You mean capture only from the failover interface or all interfaces ?

sincereley

Cisco Employee

ASA 5580 with 4*10 GB module act/act failover not working

Alfred,

I mean regular interfaces, since the ASA also tries those interfaces.

Luis

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

ASA 5580 with 4*10 GB module act/act failover not working

Hi

Solution (  as Luis mentioned )

configured the captures on the inside interfaces of the contextDid a test and noticed a delay between the hello packets sent from the active unit and the replies
from the peer :

e.g. no response from 2.2.2.2

52: 07:40:57.019591 802.1Q vlan#715 P0 1.1.1.1 > 2.2.2.2 :  ip-proto-105, length 44

53: 07:40:57.119561 802.1Q vlan#715 P0 1.1.1.1> 2.2.2.2 ip-proto-105, length 44

54: 07:40:57.219501 802.1Q vlan#715 P0 1.1.1.1> 2.2.2.2 ip-proto-105, length 44

55: 07:40:57.319472 802.1Q vlan#715 P0 1.1.1.1> 2.2.2.2 vip-proto-105, length 44

56: 07:40:57.419503 802.1Q vlan#715 P0 1.1.1.1> 2.2.2.2 ip-proto-105, length 44

57: 07:40:57.519840 802.1Q vlan#715 P0 1.1.1.1> 2.2.2.2 ip-proto-105, length 48

Increased the polltime/holdtime under failover group 1, did the test, and noticed that all started to work fine with no issues.

Cisco Employee

ASA 5580 with 4*10 GB module act/act failover not working

Glad to hear that my suggestion gave you a bettter idea of how to solve the issue.

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
379
Views
0
Helpful
5
Replies