Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

cisco asa ha failover issue

Hi All,

Im facing active standby firewall failover issue once in everyday.

From the logs, it looks like there is a "Comm Failure" and "HELLO not heard from mate", as reasons.

 

Can someone help me. Logs attached.

 

syslog:

======

Failover role switch

Failover mate reports failure
Failover replication start

Failover replication complete


No response from failover mate

Failover mate reports failure

Failover replication start

Failover replication complete

 

day-7

11/7/2014 13:06 Alert 103004 Failover mate reports failure (Primary) Other firewall reports this firewall failed.
11/7/2014 13:06 Alert 104001 Failover role switch (Secondary) Switching to ACTIVE - HELLO not heard from mate.
 

day-6

11/6/2014 13:10 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.
11/6/2014 13:10 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).
 

day-6.1

11/6/2014 13:10 Alert 709004 Failover replication complete (Primary) End Configuration Replication (ACT)
11/6/2014 13:10 Alert 709003 Failover replication start (Primary) Beginning configuration replication: Send to mate.
11/6/2014 13:10 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.
11/6/2014 13:10 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).
11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XzzzX Status Undetermined
11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XxxxRX Status Undetermined
11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XyyyyyX Status Undetermined
11/6/2014 13:10 Alert 104001 Failover role switch (Primary) Switching to ACTIVE - HELLO not heard from mate.
 
11/2/2014 16:38 Alert 105009 (Secondary) Testing on interface abcd-interface Status Undetermined
11/2/2014 16:38 Alert 104001 Failover role switch (Secondary) Switching to ACTIVE - HELLO not heard from mate.
11/1/2014 15:24 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.
11/1/2014 15:24 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).
11/1/2014 15:24 Alert 104001 Failover role switch (Primary) Switching to ACTIVE - HELLO not heard from mate.
4 REPLIES
Cisco Employee

Hi,How is the

Hi,

How is the GigabitEthernet0/1 interface connected between the Two Devices which is the fail-over interface.

COMM FAILURE suggests communication issues on this Fail-over interface.

Thanks and Regards,

Vibhor Amrodia

New Member

Hi Vibhor,Gig0/1 Failover

Hi Vibhor,

Gig0/1 Failover interface of firewall is directly connected to another firewall interface -- back to back connectivity.

 

config:-

failover
failover lan unit secondary
failover lan interface Failover GigabitEthernet0/1
failover polltime unit 1 holdtime 3
failover polltime interface 1 holdtime 5
failover replication http
failover link Failover GigabitEthernet0/1
failover interface ip Failover 1.1.1.1 255.255.255.252 standby 1.1.1.2

Cisco Employee

Hi,Can you check for "show

Hi,

Can you check for "show crash" on both the units ?

See if the unit might have crashed ?

Thanks and Regards,

Vibhor Amrodia

New Member

Hi,Both the firewalls were

Hi,

Both the firewalls were not rebooted; i have checked the uptime.

461
Views
0
Helpful
4
Replies
CreatePlease to create content