
ASA5540 failover traffic not passing

I have an ASA5540 running in failover mode. When on the primary firewall all is well; however, when it fails over to the backup it can't pass traffic to the internet. Configs are exact. I also see this in my internet router log:

Apr 2 11:03:50: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.1.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

Apr 2 11:05:46: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.1.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

Is this a normal condition?


Re: ASA5540 failover traffic not passing

The error %OSPF-5-ADJCHG: Process ID , Nbr [ip-address] on GigabitEthernet 1/0/3 from FULL to DOWN is caused by Bidirectional Forwarding Detection (BFD) errors. BFD can potentially generate false alarms, signaling a link failure when one does not exist.

The timers used for BFD are so intensive that CPU cycles, or a brief interval of data corruption or queue congestion, could potentially cause BFD to miss enough control packets to allow the detect-timer to expire. The Minimum Transmit Interval, Minimum Receive Interval and Multiplier are recommended to be set as 100, 100 and 3 respectively. Configuring process-max-timer 50 is also recommended to prevent unpredictable CPU unavailability.
