Cisco Support Community

ASA Failover

Dear All,

I have two ASAs connected in a failover mode. The issue is that when the inside switch 1 goes down, the active ASA (ASA-A) is not coming to standby mode.

On the active ASA, I have made the configuration to monitor both the inside and outside interfaces; when any of the interfaces goes down it should switch to standby, but it's not happening.

Please see the attached diagram

Regards

Haris

6 REPLIES

Re: ASA Failover

Your attachment means nothing to me.

Send me the "show run failover" and "show failover" on both devices.

What software version are the ASAs using?

See this: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#tri

Francisco


Re: ASA Failover

The version is 7.0(4)12.

The basic thing is I put the commands "monitor-interface inside" and "monitor-interface outside" in the configuration, and the active one is not going down when the inside interface of the active unit goes down.

Attached is the show failover output in normal condition.

Re: ASA Failover

I see you are using LAN-based failover using management 0/0 interface.

Looks like the failover is active but they are failing because there is no link between the PROXY interfaces, which is affecting your failover. Make sure that both devices can ping each other's PROXY interfaces. You can deselect that interface for now and test your failover again.

I suggest you also upgrade the software because V7.0(4)12 is old.


Re: ASA Failover

Can you also paste the output of:

show cpu

show run | include failover

The possible problems:

1. Proxy interface in standby ASA is not up and cannot take over active mode should failover happen.

Fix: ensure both proxy interface IPs are pingable from each other.

2. Your FW may be too busy (your CPU utilization can tell), so the default unit poll interval of 1 second is too short.

Fix: increase to say 5 seconds.

Pls rate if help
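
An added example, not part of any reply in this thread: a Python check that reads `show failover` output and lists, per unit, the monitored interfaces that are not in the plain Normal state, which is the condition the replies above point at for the PROXY interface. The sample output is constructed, and its layout is assumed to follow the usual `show failover` format; the addresses, states and the `folink` name are made up.

```python
import re

# Constructed sample, not the poster's attachment. The layout is assumed to
# follow the usual "show failover" format; addresses and states are made up.
SAMPLE = """\
Failover On
Failover unit Primary
Failover LAN Interface: folink Management0/0 (up)
Monitored Interfaces 3 of 250 maximum
        This host: Primary - Active
                Active time: 5400 (sec)
                Interface inside (10.0.0.1): No Link
                Interface outside (192.0.2.1): Normal
                Interface PROXY (10.0.1.1): Normal (Waiting)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                Interface inside (10.0.0.2): Normal
                Interface outside (192.0.2.2): Normal
                Interface PROXY (10.0.1.2): Failed
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\S+)\s*-\s*(.+?)\s*$")
IFACE_RE = re.compile(r"^\s*Interface\s+(\S+)\s+\(([^)]*)\):\s*(.+?)\s*$")

def parse_show_failover(text):
    """Return {'this'|'other': {'role', 'state', 'interfaces': {name: status}}}."""
    units, current = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = {"role": host.group(2), "state": host.group(3), "interfaces": {}}
            units[host.group(1).lower()] = current
            continue
        iface = IFACE_RE.match(line)
        if iface and current is not None:  # ignore interface lines before a host header
            current["interfaces"][iface.group(1)] = iface.group(3)
    return units

def not_normal(units):
    """Per unit, the monitored interfaces whose status is anything but plain 'Normal'."""
    return {side: {name: status for name, status in unit["interfaces"].items()
                   if status != "Normal"}
            for side, unit in units.items()}

if __name__ == "__main__":
    parsed = parse_show_failover(SAMPLE)
    for side, bad in not_normal(parsed).items():
        unit = parsed[side]
        print(f"{side} host ({unit['role']}, {unit['state']}): {bad or 'all Normal'}")
```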


Re: ASA Failover

Dears,

Very helpful post.

I put the command to monitor only inside and outside interfaces.

"no monitor-interface PROXY"

After that, when the Active ASA (i.e. ASA-A) inside interface is going down, it's switching back to standby (i.e. to ASA-S).

But when the Active ASA (ASA-A) inside interface is coming back again, it's not switching back.

I want my ASA-A to come to active state when all interfaces come up again.

I tested by typing "failover active" on ASA-A to force the ASA-A unit to become active; then it's coming to active state again.

Any clues?

Regards

Haris

Re: ASA Failover

Because you are running active/standby in single mode, I don't think that's possible unless you have active/active mode; then you can assign preempt to your failover group.
