Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Standby ASA - only one ping reply

Hi - My customer has a pair of ASAs in an active/standby pair.

If we ping an address on the standby device from a device on the same subnet, we get a response to the first ping and then the rest time out.

I we watch the live event log, we see the four other pings get dropped, despite the fact that we've enabled icmp to that interface.

After that we cannot ping it, unless we reset the pc interface and then we get the same again.

Show failover looks fine.

Has anyone come across this kind of behaviour before? It's not service affecting but my customer is worried about the health of the failover process

Any advice greatly appreciated

Cheers, Dom

4 REPLIES

Re: Standby ASA - only one ping reply

Hi,

How do you have both ASAs connected?

Do you have both ASAs connected directly with a network cable or connected to the same switch for the failover link?

Also, the interfaces on both ASAs share the same VLAN on the same switch or different switches?

Federico.

Cisco Employee

Re: Standby ASA - only one ping reply

Why are pings dropped? What is the log drop reason?

PK

New Member

Re: Standby ASA - only one ping reply

Hi Guys - Thanks for your responses.

The failover interfaces of the firewalls are connected by a cross over cable and the host and both vlan interfaces in question are plugged into the same L2 switch - the toplogy is about as simple as it could be

Cheers, Dom

Re: Standby ASA - only one ping reply

Hi,

You're saying that the four ethernet connections from the ASAs are plugged into the same L2 switch?

By four connections i mean (both outside and both inside interfaces of both ASAs)?

If this is so... are both outsides and both insides separate in a different VLAN on the switch?


Could you also check the switch itself that there are no STP loops and the ports are up and operational fine?

Federico.

725
Views
0
Helpful
4
Replies
CreatePlease to create content