Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2502
Views
0
Helpful
2
Replies

Failover ASA 5580 Unsync with Active

salman-ahmad
Level 1
Level 1

‎02-20-2012 08:37 PM - edited ‎03-11-2019 03:33 PM

Hi,

I have encountered a problem in one of customer that the Active ASA 5580 is unable to sync with Standby Failover ASA. When Active is connected with FO and push the configs to it will not find the ethernet/Gig interfaces due to which the all the configuration were not applied and when the primary ASA the secondary is unable to respond.

When i attached console with the Standby ASA i have seen this error.

Number of interfaces on Active and Standby are not consistent.If the problem persists, you should disable and re-enable failover

on the Standby.

For detail undestanding i am attaching the configs of primary and standby ASA. The KHI-DR-ASA-BB-01 is the standyby firewall.

Do let me know for any furhter clarification and understanding.

Thanks & Regards,

Salman Ahmed

1 person had this problem
Labels:
122877-KHI-ASA-Faysal House.txt.zip
122876-KHI-DR-ASA-BB-01.TXT.zip
0 Helpful
2 Replies 2

mirober2
Cisco Employee
Cisco Employee

‎02-29-2012 12:23 PM

Hi Salman,

The error message you see is correct. Since the Secondary ASA does not have the Gig3/0 - 3/3 interfaces, it cannot be part of the failover pair (it would not be able to pass traffic if the Primary ASA failed).

Double check the Secondary ASA and make sure the interface card in slot 3 is installed correctly. If you suspect a hardware failure, please open a TAC case to have it investigated.

-Mike

0 Helpful

haivrajesh
Level 1
Level 1

‎02-29-2012 01:01 PM

Hi Salman,

I understand you have assigned management0/1 as failover interface.this case you have to remove management only on m0/1 interface on both firewall.

Regards

Rajeswar

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card