The active ASA firewall failed over to the standby due to an 'interface failure' with a sub-interface.
This monitored sub-interface (DMZ) is part of a physical interface with several other sub-interfaces (DMZs) that are also monitored for failover. None of these appeared to have failed at the same time, however. It's just this one sub-interface that was indicated as failed.
The physical interface for the sub-interface is connected to a switch stack. There were no problems with the physical interface on either the previously active firewall or the switch stack. According to monitoring, no problems were indicated with traffic/CPU/mem usage on either the firewall or the switch stack during this time either. The VLAN on the switch for this firewall sub-interface is currently only active & trunked to the firewall cluster. Hosts on the switch in this VLAN were removed a few weeks ago. Again, no problem with the VLAN that I can see.