Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Failover - outside interface confusion

Hi,

Customer has ASA 5520 pairs in Active/Standby configuration.  The firewalls are physically across campus from each other.  The outside interfaces are connected into the same VLAN (Cisco enterprise switches).  Upstream is a pair of Juniper routers using a virtual gateway address (VRRP).

The environment was stable for over a year until the customer made some changes to the switched environment (not totally sure what changed).

Basically when I bring the secondary firewall back online, the Internet access goes down or they experience flaky Internet behavior (slow downs).  When I disable the switch interface connected to the secondary ASA outside interface, the Internet access is still unavailable unless I reboot the primary.

So there seems to be confusion on the outside LAN segment (ARP issues, interface issues, switch issues, VRRP, etc).

I tried hard coding the primary/secondary mac addresses, but that didn't seem to help.

Sorry for the lack of detail, but just looking for some general troubleshooting ideas.

Regards,

Dale

181
Views
0
Helpful
0
Replies
CreatePlease login to create content