I am unable to establish failover on my asa 5520

**rionel** · 03-19-2008, 01:32 PM

What could be possible wrong with my config?

Primary
failover
failover lan unit primary
failover lan interface ASA_Failover GigabitEthernet0/3
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 192.168.199.2 255.255.255.252 standby 192.168.199.3

FW00# sh fail state

State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Not Detected Comm Failure 06:33:57 CST Mar 1 2007

====Configuration State===
====Communication State===

Secondary:
interface GigabitEthernet0/3
description LAN/STATE Failover Interface

failover
failover lan unit secondary
failover lan interface ASA_Failover GigabitEthernet0/3
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 192.168.199.2 255.255.255.252 standby 192.168.199.3

FW01# sh fail state

State Last Failure Reason Date/Time
This host - Secondary
Active None
Other host - Primary
Not Detected None

**netleets** · 08-12-2008, 11:07 PM

This appears to be a physical connectivity issue on the failover interface. Assuming the interface is turned up and has L2 and L3 connectivity, try creating a capture on that interface to see if you can see traffic from the other device.

config t
access-list cap-acl permit ip any any
capture cap-failover interface ASA_Failover access-list cap-acl
sh cap cap-failover

If you do not see traffic from the other firewall, you have a physical connectivity issue. If you do see traffic, please post the results in this forum and we will figure it out.

For more information on captures, check out the post on my forum:
netleetsDOTcom

**netleets** · 09-07-2008, 07:07 PM

Was this able to help you?

**brad** · 09-09-2008, 08:43 PM

With a 5-month delay, I'm guessing no

**cisco-tips** · 12-27-2008, 10:34 AM

I think the problem is on the IP addresses you use for the failover link. Since its a .252 subnet, its better to use 192.168.199.1 for the Active unit and 192.168.199.2 for the Failover unit. 199.3 is the broadcast address so this might be the problem.

Originally Posted by rionel

What could be possible wrong with my config?

Primary
failover
failover lan unit primary
failover lan interface ASA_Failover GigabitEthernet0/3
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 192.168.199.2 255.255.255.252 standby 192.168.199.3

FW00# sh fail state

State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Not Detected Comm Failure 06:33:57 CST Mar 1 2007

====Configuration State===
====Communication State===

Secondary:
interface GigabitEthernet0/3
description LAN/STATE Failover Interface

failover
failover lan unit secondary
failover lan interface ASA_Failover GigabitEthernet0/3
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 192.168.199.2 255.255.255.252 standby 192.168.199.3

FW01# sh fail state

State Last Failure Reason Date/Time
This host - Secondary
Active None
Other host - Primary
Not Detected None

Thread: I am unable to establish failover on my asa 5520

LinkBack

Thread Tools

Search Thread

I am unable to establish failover on my asa 5520

cont

Bookmarks

Bookmarks

Posting Permissions