cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3268
Views
0
Helpful
4
Replies

cisco asa ha failover issue

secureIT
Level 4
Level 4

Hi All,

Im facing active standby firewall failover issue once in everyday.

From the logs, it looks like there is a "Comm Failure" and "HELLO not heard from mate", as reasons.

 

Can someone help me. Logs attached.

 

syslog:

======

Failover role switch

Failover mate reports failure
Failover replication start

Failover replication complete


No response from failover mate

Failover mate reports failure

Failover replication start

Failover replication complete

 

day-7

11/7/2014 13:06 Alert 103004 Failover mate reports failure (Primary) Other firewall reports this firewall failed.
11/7/2014 13:06 Alert 104001 Failover role switch (Secondary) Switching to ACTIVE - HELLO not heard from mate.
 

day-6

11/6/2014 13:10 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.
11/6/2014 13:10 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).
 

day-6.1

11/6/2014 13:10 Alert 709004 Failover replication complete (Primary) End Configuration Replication (ACT)
11/6/2014 13:10 Alert 709003 Failover replication start (Primary) Beginning configuration replication: Send to mate.
11/6/2014 13:10 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.
11/6/2014 13:10 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).
11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XzzzX Status Undetermined
11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XxxxRX Status Undetermined
11/6/2014 13:10 Alert 105009 (Primary) Testing on interface XyyyyyX Status Undetermined
11/6/2014 13:10 Alert 104001 Failover role switch (Primary) Switching to ACTIVE - HELLO not heard from mate.
 
11/2/2014 16:38 Alert 105009 (Secondary) Testing on interface abcd-interface Status Undetermined
11/2/2014 16:38 Alert 104001 Failover role switch (Secondary) Switching to ACTIVE - HELLO not heard from mate.
11/1/2014 15:24 Alert 103004 Failover mate reports failure (Secondary) Other firewall reports this firewall failed.
11/1/2014 15:24 Alert 103001 No response from failover mate (Primary) No response from other firewall (reason code = 4).
11/1/2014 15:24 Alert 104001 Failover role switch (Primary) Switching to ACTIVE - HELLO not heard from mate.
4 Replies 4

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

How is the GigabitEthernet0/1 interface connected between the Two Devices which is the fail-over interface.

COMM FAILURE suggests communication issues on this Fail-over interface.

Thanks and Regards,

Vibhor Amrodia

Hi Vibhor,

Gig0/1 Failover interface of firewall is directly connected to another firewall interface -- back to back connectivity.

 

config:-

failover
failover lan unit secondary
failover lan interface Failover GigabitEthernet0/1
failover polltime unit 1 holdtime 3
failover polltime interface 1 holdtime 5
failover replication http
failover link Failover GigabitEthernet0/1
failover interface ip Failover 1.1.1.1 255.255.255.252 standby 1.1.1.2

Hi,

Can you check for "show crash" on both the units ?

See if the unit might have crashed ?

Thanks and Regards,

Vibhor Amrodia

Hi,

Both the firewalls were not rebooted; i have checked the uptime.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: