Both ASA firewalls become ACTIVE in Active/Standby failover
Two ASA 5520 firewalls running Cisco Adaptive Security Appliance Software Version 8.0(3) are configured for active/standby failover.
The firewalls are connected directly using a cross-over cable.
Everything was working fine.
But for the past few days both have become active, which causes the network to fluctuate.
I am attaching a document along with this post, where I have tabulated all the actions carried out to test active/standby failover. Everything seems to be fine at that moment. After a few days, all of a sudden both firewalls become active.
Please suggest some workaround for the above scenario.
Re: Both ASA firewalls become ACTIVE in Active/Standby failover
It definitely looks like a problem with the failover communication. Show failover indicates that the primary does not detect the secondary:
Other host: Secondary - Not Detected
And "show failover history" indicates that it became active because no active unit was detected at boot time:
15:09:34 IST Oct 14 2009
Negotiation Just Active No Active unit found
Or was the secondary perhaps booting at that time?
What do these same commands tell you right now, and both on the primary and on the secondary?
Also, you referred to "the failover cable", do you mean that the failover interfaces are directly connected to each other using a crossover cable?
Auto-Duplex(Half-duplex) seems to indicate that the other side is set to Full-Duplex (hardcoded). So if they are connected through a switch, set the switchports to auto/auto. Alternatively, set the ASA ports to 100/full hardcoded.
Polltime of 1 sec is ok, I see your holdtime is 15 sec so we would have to miss 15 hello packets for failover to break. I doubt that this is caused by the duplex issue.
Getting syslogs of the next occurrence may help, as may "show console".
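The comparison the reply asks for (the same command run on both units) can be scripted. The following is an added example, not part of the original thread: it reads the "show failover" state lines from each unit and flags a peer that is not detected and the both-active condition. The sample outputs are constructed, and the "This host:" line is assumed to follow the same layout as the "Other host:" line quoted above.

```python
import re

# State lines of "show failover". The thread quotes this one:
#   Other host: Secondary - Not Detected
# Assumption: the "This host:" line uses the same layout.
STATE_RE = re.compile(
    r"^[ \t]*(This|Other) host:[ \t]*(Primary|Secondary)[ \t]*-[ \t]*(.+?)[ \t]*$",
    re.M,
)

def parse_states(show_failover_text):
    """Return {'This': (role, state), 'Other': (role, state)} for one unit."""
    return {who: (role, state)
            for who, role, state in STATE_RE.findall(show_failover_text)}

def diagnose(primary_text, secondary_text):
    """Compare both units' views of the pair and return a list of findings."""
    findings = []
    views = {"primary": parse_states(primary_text),
             "secondary": parse_states(secondary_text)}
    for unit, view in views.items():
        if "This" not in view or "Other" not in view:
            findings.append(f"{unit}: state lines missing, cannot assess")
        elif view["Other"][1].lower() == "not detected":
            findings.append(f"{unit}: peer not detected, check the failover link")
    own = [v["This"][1].lower() for v in views.values() if "This" in v]
    if len(own) == 2 and all(s.startswith("active") for s in own):
        findings.append("split-brain: both units report Active")
    return findings

# Constructed sample output for the situation described in the thread.
PRIMARY_SPLIT = """Failover On
This host: Primary - Active
Other host: Secondary - Not Detected
"""
SECONDARY_SPLIT = """Failover On
This host: Secondary - Active
Other host: Primary - Not Detected
"""

if __name__ == "__main__":
    for finding in diagnose(PRIMARY_SPLIT, SECONDARY_SPLIT):
        print(finding)
```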