strange failover problem--primary firewall take over standby firewall IP address while no failover occours
I have a strange problem at the moment, not sure if any of you ever encounter this problem before, or could some one give me some hint what it might cause this.
Platform cisco ASA 5505 Security Plus license firewall--------->redundant pair
Problem description: These two firewalls are setup as active/standby failover pair, every so often, the primary firewall claim to router own both primary firewall and standby firewall external interfaces IP. So that it appears to the system, the secondary firewall offline
However if you logged on the primary firewall, checking failover status, the failover cluster shows everything is fine.
checking the failover history, there was no failover occurs at all.
primary firewall can ping itself and secondary firewall fine. secondary firewall can ping primary firewall but not public internet.
Checking on internet gateway router, both primay firewall IP and secondary firewall IP resolving to primary firewall external interface Mac address.
everything will go back to normal by either restart the secondary firewall or force secondary firewall to be active.
This failover cluster has been setup for months and worked fine until recently the problem occours, it's not causing any downtime but it's really annoying, So if anyone could give me a help, that would be much appreciated.
Re: strange failover problem--primary firewall take over standby
Not sure why this is happening..
In normal circumstances, you see on the Internet router the IPs for both units with their corresponding MAC address correct?
In other words, from the outside router, the ARP table has an entry for the outside IP of the primary unit with its corresponding MAC and another entry for the IP of the secondary unit with the MAC of the secondary unit correct?
When the problem happens, you see an ARP with both IPs mapping to the MAC of the primary Firewall?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :