Cisco Support Community


New Member

ASA 8.4(4) failover issue

Hi guys,


I'm seeing strange behaviour in an ASA cluster running 8.4(4) regarding the failover feature. From the Active node's standpoint, if I issue a "show failover" I get the following result:

------------------ show failover ------------------

Failover On 
Failover unit Primary
Failover LAN Interface: dmz_failover GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 3 seconds
Interface Poll frequency 1 seconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 2 of 160 maximum
failover replication http
Version: Ours 8.4(4), Mate 8.4(4)
Last Failover at: 13:12:39 UTC May 6 2014
    This host: Primary - Active 
        Active time: 1247 (sec)
        slot 0: ASA5520 hw/sw rev (2.0/8.4(4)) status (Up Sys)
          Interface internetwork.wan ( Normal (Monitored)
          Interface A.dmz ( Link Down (Not-Monitored)
          Interface B.dmz ( Link Down (Not-Monitored)
          Interface C.dmz ( Link Down (Not-Monitored)

          Interface ( Normal (Monitored)
          Interface management ( Link Down (Not-Monitored)
        slot 1: empty
    Other host: Secondary - Standby Ready 
        Active time: 0 (sec)
        slot 0: ASA5520 hw/sw rev (2.0/8.4(4)) status (Up Sys)
          Interface internetwork.wan ( Normal (Monitored)
          Interface A.dmz ( Normal (Not-Monitored)
          Interface B.dmz ( Normal (Not-Monitored)
          Interface C.dmz ( Normal (Not-Monitored)

          Interface ( Normal (Monitored)
          Interface management ( Normal (Not-Monitored)
        slot 1: empty


Regarding the following interfaces:

--> A.dmz

--> B.dmz

--> C.dmz


These dmz's are sub-interfaces associated with the same physical interface, that are in shutdown mode; from the switching interface they are also in shutdown mode.


So I understand that from the active node's standpoint we have a "Link Down" situation, but I don't understand how this can be in "normal" state from the failover node's standpoint.



Bruno Fernandes



Hi Bruno,


It looks to be an L2 issue. Please check that the VLAN is created and extended in the switches.

New Member

Hi Yadav,


The physical interface associated with those dmz's/sub-intf is in shutdown mode… that's not the reason from my point of view.




Hall of Fame Super Silver

Are the interfaces excluded from failover monitoring in the config? ("no monitor-interface dmz")

New Member

Hi Marvin,


Yes, those interfaces are not monitored; as a side note, those dmz's are not being used now… also I don't have a specific "no monitor dmz" in the config!!!! But I'm 100% positive that I have unchecked the box regarding the monitoring option for those dmz's (in ASDM)… but I will try.




Hall of Fame Super Silver

I haven't a spare pair to try it on, but I suspect your earlier comment about them being shutdown will exclude them from monitoring - even without the "no monitor-interface ___" command. That would make sense, since if they are configured shutdown there's no way they will be up on either the active or standby unit. Bottom line would be that what you see in "show failover" is completely normal.
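
As an added example (not code from any poster in this thread), the following Python sketch parses pasted "show failover" output and separates state mismatches on monitored interfaces from mismatches on Not-Monitored ones, which do not count toward the failover interface policy. The sample text, addresses, the interface name "inside" and the verdict labels are constructed for illustration; the parser also accepts the address-stripped line layout shown in the original post.

```python
import re

# Constructed sample in the layout of "show failover" (documentation addresses).
SAMPLE = """\
    This host: Primary - Active
        slot 0: ASA5520 hw/sw rev (2.0/8.4(4)) status (Up Sys)
          Interface wan (192.0.2.1): Normal (Monitored)
          Interface A.dmz (198.51.100.1): Link Down (Not-Monitored)
          Interface inside (203.0.113.1): Normal (Monitored)
    Other host: Secondary - Standby Ready
        slot 0: ASA5520 hw/sw rev (2.0/8.4(4)) status (Up Sys)
          Interface wan (192.0.2.2): Normal (Monitored)
          Interface A.dmz (198.51.100.2): Normal (Not-Monitored)
          Interface inside (203.0.113.2): Failed (Monitored)
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(.+?)\s*$")
# The "addr):" group is optional so sanitized lines such as
# "Interface A.dmz ( Link Down (Not-Monitored)" still parse.
IFACE_RE = re.compile(
    r"^\s*Interface\s+(?P<name>\S+)\s+\((?:[^)]*\):)?\s*"
    r"(?P<state>[A-Za-z ]+?)\s*\((?P<mon>Monitored|Not-Monitored)\)\s*$")

def parse_units(text):
    """Return {'this'|'other': {'role': str, 'ifaces': {name: (state, monitored)}}}."""
    units, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = units.setdefault(m.group(1).lower(),
                                       {"role": m.group(2), "ifaces": {}})
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:  # lines that do not parse are skipped
            current["ifaces"][m["name"]] = (m["state"], m["mon"] == "Monitored")
    return units

def compare(units):
    """List (name, this_state, other_state, verdict) for mismatched interfaces."""
    this, other = units["this"]["ifaces"], units["other"]["ifaces"]
    findings = []
    for name in sorted(this.keys() & other.keys()):
        (s1, m1), (s2, m2) = this[name], other[name]
        if s1 != s2:
            # Assumption: only monitored interfaces need follow-up.
            verdict = "investigate" if (m1 or m2) else "informational"
            findings.append((name, s1, s2, verdict))
    return findings

if __name__ == "__main__":
    for finding in compare(parse_units(SAMPLE)):
        print(*finding, sep=" | ")
```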
