Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with failover on PIX and ASA with OS 7.2.1

Hello all,

I have this problem: I have two PIXs connected each other for LAN and stateful failover. They are connected by UTP cable through interfaces Ethernet0, where are two sub-interfaces are made (1 for LAN FO, 1 for stateful failover). With OS 7.1.(2) everything is OK, FO is fully functional. But after upgrade to OS 7.2.(1) I get this message on standby unit after standby unit is power on:

Detected an Active mate

Beginning configuration replication from mate.

ERROR: Interface is in use by failover. You must disable failover first to execute this command

ERROR: Interface is in use by failover. You must disable failover first to execute this command

ERROR: Interface is in use by failover

ERROR: Interface is in use by failover

End configuration replication from mate.

And these command are eliminated from configuration on primary unit:

failover link state Ethernet0/0.25

failover interface ip state 192.168.253.1 255.255.255.0 standby 192.168.253.2

I tried the same on 2 ASAs 5510 with the same result.

Does anyone know any solution for this? Is this bug in OS 7.2.(1) (but in Cisco Bug Tool I find anything about this)? Thanks in advance for any info. Config of primary unit is here:

interface Ethernet0

!

interface Ethernet0.24

description LAN Failover Interface

vlan 24

!

interface Ethernet0.25

description STATE Failover Interface

vlan 25

!

interface Ethernet1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0 standby 192.168.1.3

!

interface Ethernet2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet3

nameif outside

security-level 0

ip address xxx.xxx.xxx.xxx 255.255.255.240 standby xxx.xxx.xxx.xxx

!

interface Ethernet4

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet5

shutdown

no nameif

no security-level

no ip address

!

passwd xxx

ftp mode passive

pager lines 24

mtu inside 1500

mtu outside 1500

failover

failover lan unit primary

failover lan interface failover Ethernet0.24

failover lan enable

failover link state Ethernet0.25

failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2

failover interface ip state 192.168.253.1 255.255.255.0 standby 192.168.253.2

Regards

Lukas Mecir, Albit Technologies

1 REPLY

Re: Problem with failover on PIX and ASA with OS 7.2.1

Hi,

When you configure primary unit, enter the "failover" command only after you finished keying-in all the other failover commands. This will prevent the failover process to run immediately without all required parameters. Make sure all interfaces assigned with IPs.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b31a.html#wp1124508

Rgds,

AK

365
Views
0
Helpful
1
Replies
CreatePlease login to create content