Hi Vibhor,Gig0/1 Failover

secureIT · ‎11-11-2014

Hi All,

Im facing active standby firewall failover issue once in everyday.

From the logs, it looks like there is a "Comm Failure" and "HELLO not heard from mate", as reasons.

Can someone help me. Logs attached.

syslog:

======

Failover role switch

Failover mate reports failure
Failover replication start

Failover replication complete

No response from failover mate

Failover mate reports failure

Failover replication start

Failover replication complete

day-7

11/7/2014 13:06 Alert 103004 Failover mate reports failure (Primary) Other firewall reports this firewall failed.

11/7/2014 13:06 Alert 104001 Failover role switch (Secondary) Switching to ACTIVE - HELLO not heard from mate.

day-6

11/6/2014 13:10 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.

11/6/2014 13:10 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).

day-6.1

11/6/2014 13:10 Alert 709004 Failover replication complete (Primary) End Configuration Replication (ACT)

11/6/2014 13:10 Alert 709003 Failover replication start (Primary) Beginning configuration replication: Send to mate.

11/6/2014 13:10 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.

11/6/2014 13:10 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).

11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XzzzX Status Undetermined

11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XxxxRX Status Undetermined

11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XyyyyyX Status Undetermined

11/6/2014 13:10 Alert 104001 Failover role switch (Primary) Switching to ACTIVE - HELLO not heard from mate.

11/2/2014 16:38 Alert 105009 (Secondary) Testing on interface abcd-interface Status Undetermined

11/2/2014 16:38 Alert 104001 Failover role switch (Secondary) Switching to ACTIVE - HELLO not heard from mate.

11/1/2014 15:24 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.

11/1/2014 15:24 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).

11/1/2014 15:24 Alert 104001 Failover role switch (Primary) Switching to ACTIVE - HELLO not heard from mate.

Vibhor Amrodia · ‎11-12-2014

Hi,

How is the GigabitEthernet0/1 interface connected between the Two Devices which is the fail-over interface.

COMM FAILURE suggests communication issues on this Fail-over interface.

Thanks and Regards,

Vibhor Amrodia

secureIT · ‎11-12-2014

Hi Vibhor,

Gig0/1 Failover interface of firewall is directly connected to another firewall interface -- back to back connectivity.

config:-

failover
failover lan unit secondary
failover lan interface Failover GigabitEthernet0/1
failover polltime unit 1 holdtime 3
failover polltime interface 1 holdtime 5
failover replication http
failover link Failover GigabitEthernet0/1
failover interface ip Failover 1.1.1.1 255.255.255.252 standby 1.1.1.2

Vibhor Amrodia · ‎11-12-2014

Hi,

Can you check for "show crash" on both the units ?

See if the unit might have crashed ?

Thanks and Regards,

Vibhor Amrodia

secureIT · ‎11-13-2014

Hi,

Both the firewalls were not rebooted; i have checked the uptime.

cisco asa ha failover issue