Question about Cisco ASA 5510 Firewall

1 Answer

ASA5510 Active/Standby Not Working

Hello All,

Initially I configured this failover quite well and tested it enough. After that I had to switch off the standby unit for some time, and now that I have switched it on again my failover is not working anymore.

When I log in to the secondary ASA just after it has reloaded, it shows the following message:

Cryptochecksum (unchanged): 59e3f12d 768bc119 32070d9b 6acb7029
Type help or '?' for a list of available commands.
ciscoasa> .
Detected an Active mate
Beginning configuration replication from mate.
listen_ch_open: Failed listen on interface inside port 23
listen_ch_open: Failed listen on interface inside port 23
listen_ch_open: Failed listen on interface inside port 22
listen_ch_open: Failed listen on interface inside port 22
listen_ch_open: Failed listen on interface inside port 22
listen_ch_open: Failed listen on interface management port 22
End configuration replication from mate.

I seem to be clueless now as to why it is not working anymore. I would really appreciate your comments.

The following is my ASA failover status.

ciscoasa# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: fointerface Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
failover replication http
Version: Ours 8.0(3)19, Mate 8.0(3)19
Last Failover at: 22:07:56 WET Dec 14 2008
This host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.0(3)19) status (Up Sys)
Interface outside ( Normal (Waiting)
Interface inside ( Normal
Interface BigIPF5 ( Failed (Waiting)
Interface management ( No Link (Not-Monitored)
slot 1: empty
Other host: Primary - Active
Active time: 6133935 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.0(3)19) status (Up Sys)
Interface outside ( Normal (Waiting)
Interface inside ( Normal
Interface BigIPF5 ( Normal (Waiting)
Interface management ( Normal (Not-Monitored)
slot 1: empty

Stateful Failover Logical Update Statistics
Link : fointerface Ethernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 104 0 1573 9
sys cmd 104 0 104 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 931 9
UDP conn 0 0 481 0
ARP tbl 0 0 42 0
Xlate_Timeout 0 0 0 0
VPN IKE upd 0 0 5 0
VPN IPSEC upd 0 0 10 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 19 8418
Xmit Q: 0 1 104


1 Answer


This is an old post; have you received an answer yet?

If not, make sure the internal interfaces are connected to one another and both have links. The ASA needs to have a "heartbeat" signal that passes between the 2 devices and this seems to be what's failing.

Posted on Mar 26, 2009
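The check this answer suggests, finding which interface has lost link or is failing its monitoring, can be read off the `sh failover` output itself. The following is an added example, not part of the original question or answer: a small Python parser (the names `parse_failover` and `unhealthy_monitored` are hypothetical) run over an excerpt of the output quoted in the question.

```python
import re

# Excerpt of the `sh failover` output quoted in the question, as it appears on
# the page (the interface addresses are missing there, so they are optional).
SAMPLE = """\
This host: Secondary - Failed
Interface outside ( Normal (Waiting)
Interface inside ( Normal
Interface BigIPF5 ( Failed (Waiting)
Interface management ( No Link (Not-Monitored)
Other host: Primary - Active
Interface outside ( Normal (Waiting)
Interface inside ( Normal
Interface BigIPF5 ( Normal (Waiting)
Interface management ( Normal (Not-Monitored)
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\S+)\s*-\s*(.+?)\s*$")
# Interface <name> (<address, optional>)[:] <status> [(<qualifier>)]
IFACE_RE = re.compile(
    r"^\s*Interface\s+(\S+)\s+\(\s*(?:[0-9A-Fa-f.:]+\))?:?\s*"
    r"([^()]+?)\s*(?:\(([^)]*)\))?\s*$"
)

def parse_failover(text):
    """Return {'This'|'Other': {'role', 'state', 'interfaces'}} from the output."""
    units, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = units.setdefault(
                m.group(1), {"role": m.group(2), "state": m.group(3), "interfaces": {}})
        elif current is not None and (m := IFACE_RE.match(line)):
            current["interfaces"][m.group(1)] = (m.group(2), m.group(3))
    return units

def unhealthy_monitored(units, which="This"):
    """Monitored interfaces on one unit that are not Normal, with the mate's status."""
    mate = units.get("Other" if which == "This" else "This", {}).get("interfaces", {})
    problems = []
    for name, (status, qualifier) in units[which]["interfaces"].items():
        if qualifier == "Not-Monitored" or status == "Normal":
            continue  # unmonitored interfaces do not affect the failover decision
        problems.append((name, status, mate.get(name, (None, None))[0]))
    return problems

if __name__ == "__main__":
    for name, status, mate_status in unhealthy_monitored(parse_failover(SAMPLE)):
        print(f"{name}: {status} on this unit, {mate_status} on the mate")
```

On the quoted output this singles out BigIPF5 on the secondary, while the management interface is skipped because it is not monitored.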


Related Questions:

3 Answers

New cisco asa 5510 setup

Connect your laptop to the ASA 5510 using a crossover cable.

Oct 07, 2009 | Cisco ASA 5510 Firewall

1 Answer

Failover best option required..

You can only do active/active if you're using multiple contexts. Active/active can give you some extra performance for your $ since you can pass traffic through both ASAs. Compare this to active/standby where the standby unit passes no traffic.

If you're pushing the 5510s to 80% capacity each in active/active mode and then one fails, the single remaining ASA is oversubscribed. The oversubscription could cause connectivity issues that defeat the purpose of failover in the first place.

In the spirit of reliability, go with active/standby. Seeing that you have two active core switches that would be pushing all of their traffic through a single 5510, this may be too much; active/active may be the better solution.

Mar 31, 2009 | Cisco ASA 5510 Firewall

1 Answer

ASA LAN failover Problem


The crossover cable should work fine for sure.

Best Regards,

Mar 17, 2009 | Nokia IP 350 Firewall

1 Answer

Export and import all configuration in Cisco ASA 5510

Hello,
The steps to export and import the configuration on a Cisco ASA5510:
1- Connect to your Cisco gateway by IP
2- Get a TFTP server on your PC (such as SolarWinds, Tftp server, ...), any TFTP download and upload program
3- Now you need to copy the running configuration to your PC with the command
#copy run tftp , then follow the steps
NOTE: you should be on the same network, or your PC and the Cisco box both need to have public IPs

4- If you want to put prepared config files on your gateway, you will need to type the command
#copy tftp run , then follow the steps

If you need anything else please let us know by leaving your complete request or join us with


Dec 17, 2008 | Cisco ASA 5510 Firewall

1 Answer

Asa 5505 firewall problem

PPPoE is not supported when failover is configured on the security appliance, or in multiple context or transparent mode. PPPoE is only supported in single, routed mode, without failover.

Jun 06, 2008 | Cisco ASA 5500 Firewall

1 Answer

ASA 5510 sec - bun k9

Basic Commands
pixfirewall(config)#hostname PIX
!--- Naming the PIX is optional.
PIX(config)#nameif ethernet2 fo security20
!--- Naming the interface is optional. It is recommended that you
!--- hardcode the speed/duplex.
PIX(config)#interface ethernet2 100full
!--- Bring up the interface.
PIX(config)#ip address fo
!--- Assign an IP address.

Failover Commands
PIX(config)#failover ip address fo
!--- IP address for the failover link.
PIX(config)#failover lan unit primary
!--- This unit is primary.
PIX(config)#failover lan interface fo
!--- The 'fo' interface is used for LAN failover.
PIX(config)#failover lan key cisco
!--- The Pre-shared key.
PIX(config)#failover lan enable
!--- Enables failover.
PIX(config)#failover
!--- Start the failover process.

This message appears on the console:
LAN-based Failover: trying to contact peer
LAN-based Failover: Send hello msg and start failover monitoring

Nov 27, 2007 | Cisco ASA 5510 Firewall

2 Answers

Basic Configuration Guide,,80787,00.html This page will point you in the right direction. It is the specs and support w/ manual download. Good Luck, Tim

Jan 26, 2007 | Nokia IP 350 Firewall
