New Member

Problem with failover when replacing primary ASA - required reboot

We had our primary ASA-5520 fail. Both primary and secondary were running 8.4(1). The primary was active, and we only configured the failover commands on the new primary ASA. However, upon inserting the primary ASA into the network and powering it up, we subsequently lost access to everything. We ended up having to power down the new primary and reboot the old secondary that had been primary.

The next question probably deserves a separate post, but upon rebooting the secondary, we had several hosts that were not accessible - the traffic to and from these hosts simply wouldn't pass through the firewall. You could ping them from the firewall, but could not get traffic to go through the firewall to/from these hosts. Even if I turned on ICMP debugging, the traffic to and from these hosts simply didn't show up in the debugging, and there were no hits on the access lists. Again, this is both inside and outside interfaces. I turned on packet captures using the "capture" command, and very interestingly, as soon as I would add a host into the access list, it magically started to pass traffic.

2 REPLIES
New Member

Problem with failover when replacing primary ASA - required rebo

I just had the exact same issue this morning. I had the following errors in my logs.

<164>%ASA-4-405001: Received ARP response collision from [ip address]/[mac address] on interface failover with existing ARP entry [ip address]/[mac address]

<164>%ASA-4-411005: Interface GigabitEthernet0/3 experienced a hardware transmit hang. A software reset has been performed.

<161>%ASA-1-105043: (Secondary) Failover interface failed

--
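A small triage script over the three syslog lines quoted in the reply above, added here as an example (not code from either poster or from Cisco). It decodes the syslog PRI value into facility and severity, checks it against the level embedded in the %ASA tag, and picks out the lines that mention failover; the `failover_related` text match is a heuristic assumed for this example.

```python
import re

# Log lines as quoted in the reply above (bracketed placeholders left as posted).
SAMPLE = [
    "<164>%ASA-4-405001: Received ARP response collision from [ip address]/[mac address] "
    "on interface failover with existing ARP entry [ip address]/[mac address]",
    "<164>%ASA-4-411005: Interface GigabitEthernet0/3 experienced a hardware transmit hang. "
    "A software reset has been performed.",
    "<161>%ASA-1-105043: (Secondary) Failover interface failed",
]

LINE_RE = re.compile(r"^<(\d{1,3})>%ASA-(\d)-(\d{6}): (.*)$")
UNIT_RE = re.compile(r"^\((Primary|Secondary)\)")


def parse(line):
    """Split one ASA syslog line into its fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri, level, msg_id, text = int(m[1]), int(m[2]), m[3], m[4]
    unit = UNIT_RE.match(text)
    return {
        "facility": pri >> 3,          # syslog PRI = facility * 8 + severity
        "severity": pri & 7,
        "asa_level": level,            # level embedded in the %ASA-<level>-<id> tag
        "msg_id": msg_id,
        "unit": unit.group(1) if unit else None,
        "text": text,
        # Heuristic assumed for this example: the message text mentions failover.
        "failover_related": "failover" in text.lower(),
    }


def triage(lines):
    """Return (failover-related records, most severe first; IDs whose PRI and tag level disagree)."""
    records = [r for r in map(parse, lines) if r]
    mismatched = [r["msg_id"] for r in records if r["severity"] != r["asa_level"]]
    urgent = sorted((r for r in records if r["failover_related"]),
                    key=lambda r: r["severity"])  # lower number = more severe
    return urgent, mismatched


if __name__ == "__main__":
    urgent, mismatched = triage(SAMPLE)
    for r in urgent:
        print(r["severity"], r["msg_id"], r["unit"], r["text"])
    print("PRI/level mismatches:", mismatched)
```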

VIP Purple

Re: Problem with failover when replacing primary ASA - required

I would upgrade to a more recent version. I also ran into multiple problems with 8.4.1. These problems were all solved from 8.4.3 on and now it's running stable again.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni