Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
769
Views
0
Helpful
5
Replies

HA is not working in ASA 5525X

Muthukumar P
Level 1
Level 1

‎11-15-2017 02:41 AM - edited ‎02-21-2020 06:45 AM

HI Team,

            We have two ASA 5525X and working with HA suddenly HA is not working . I have attached show tech support for both firewalls. As of now running with secondary firewall only suppose switch off/reboot the secondary firewall ,primary firewall is not taking ownership and getting console output nofailover..

 

Please help on this..

 

Labels:
0 Helpful
5 Replies 5

Muthukumar P
Level 1
Level 1

‎11-15-2017 02:47 AM

 
Preview file
169 KB
0 Helpful

Muthukumar P
Level 1
Level 1
In response to Muthukumar P

‎11-15-2017 02:48 AM

 
Preview file
182 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Muthukumar P

‎11-15-2017 03:52 AM

Your primary firewall has the command "no failover" in the running configuration.

 

That will prevent it from negotiating state with the mate and result in the "stbyNoFailover" you see in the prompt.

0 Helpful

Muthukumar P
Level 1
Level 1
In response to Marvin Rhoads

‎11-15-2017 03:58 AM

Hi,

    Ok.. Thanks for the identification..which configuration required to resolve the issue..Because if i try to configure fail over command getting following error

 

Mate NOT PRESENT card in slot 3 is different from mine SFR5525

 

Please suggest on this..

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Muthukumar P

‎11-15-2017 04:08 AM

It's complaining that the inventory is not the same because you have the sfr module installed and up/up on the primary unit. That's even though you have the "no monitor-interface service-module" command set which should override that check.

 

If you're not using it (or planning to use it), try uninstalling the software module on the primary appliance.

 

sw-module module ips uninstall

If you do plan to use it then install it on the secondary appliance (using the 6.2 image like is installed already on the primary). Detailed instructions can be found here:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc7

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card