Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
2
Replies

ASA failover issue

Syed Khaja Afzal Hussain
Level 1
Level 1

‎07-28-2013 05:36 AM - edited ‎03-11-2019 07:18 PM

Dears all,

        I have some issue on ASA active and standby devices.  the below behaviour is normal or abnormal, because we are facing slow network.  Can you tell me about below errors.

Monitored Interfaces 11 of 1025 maximum

Version: Ours 8.4(4)1, Mate 8.4(4)1

Last Failover at: 18:56:49 UTC Oct 24 2012

        This host: Secondary - Active

                Active time: 23936387 (sec)

                slot 0: ASA5585-SSP-20 hw/sw rev (1.0/8.4(4)1) status (Up Sys)

                 Interface voice (192.168.9.1): Normal (Monitored)

                  Interface ServersZone (192.168.10.1): Normal (Monitored)

                  Interface serv_dev (192.168.12.1): Normal (Monitored)

                  Interface serve_quality (192.168.13.1): Normal (Monitored)

                  Interface ERPZone (192.168.14.1): Normal (Not-Monitored)

                  Interface vmware (192.168.17.1): Normal (Monitored)

                  Interface Storage_Blade (192.168.18.1): Normal (Monitored)

                  Interface VM_KERNEL (192.168.19.1): Normal (Not-Monitored)

                  Interface access_control (192.168.30.1): Normal (Monitored)

                  Interface security_device (192.168.33.1): Normal (Not-Monitored)

                  Interface net_mgmt (192.168.34.1): Normal (Monitored)

                  Interface cam_mgmt (192.168.35.1): Normal (Not-Monitored)

                  Interface OUTSIDE (192.168.32.18): Normal (Monitored)

                slot 1: empty

        Other host: Primary - Standby Ready

                Active time: 837 (sec)

                slot 0: ASA5585-SSP-20 hw/sw rev (1.0/8.4(4)1) status (Up Sys)

                

                  Interface voice (192.168.9.2): Normal (Monitored)

                 Interface ServersZone (192.168.10.1): Normal (Monitored)

Interface serv_dev (192.168.12.2): Normal (Monitored)

                  Interface serve_quality (192.168.13.2): Normal (Monitored)

                  Interface ERPZone (192.168.14.2): Normal (Not-Monitored)

                  Interface vmware (192.168.17.2): Normal (Monitored)

                  Interface Storage_Blade (192.168.18.2): Normal (Monitored)

                  Interface VM_KERNEL (192.168.19.2): Normal (Not-Monitored)

                  Interface access_control (192.168.30.2): Normal (Monitored)

                  Interface security_device (192.168.33.2): Normal (Not-Monitored)

                  Interface net_mgmt (192.168.34.2): Normal (Monitored)

                  Interface cam_mgmt (192.168.35.2): Normal (Not-Monitored)    ------>   this behaviour is normall or not?

                  Interface OUTSIDE (192.168.32.18): Normal (Monitored)

                slot 1: empty

-------------------------------

show failover state

               State          Last Failure Reason      Date/Time

This host  -   Secondary

               Active         Ifc Failure              18:56:45 UTC Oct 24 2012

Other host -   Primary

               Standby Ready  Ifc Failure              18:56:49 UTC Oct 24 2012

                             access_control: Failed     ---->  This is normal behavoiur

                              net_mgmt: Failed

====Configuration State===

        Sync Done - STANDBY

====Communication State===

        Mac set

which i was highlighted in bold not monitored is normal or any issue.

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-28-2013 07:56 AM

The not-monitored / monitored state is just telling you how failover is configured. We typically setup ASA to monitor all active interfaces so that if any one goes down a failover event is triggered. (Reference)

Your "show failover state" output explains that the last failover event was due to loss of connectivity on two interfaces on the Primary unit.

Since the current state is "Secondary - Active" and "Primary - Standby Ready", all is well with respect to the ASA failover pair.

0 Helpful

mvsheik123
Level 7
Level 7
In response to Marvin Rhoads

‎07-28-2013 08:02 AM

To add to Marvin's explanation, refer to the below link...

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1285409

Thx

MS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card