ASA failover DMZ interface

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Rudresh
Hello I'm new here
Posts: 1
Joined: Sun Jul 03, 2016 11:24 pm

ASA failover DMZ interface

Post by Rudresh » Sun Jul 03, 2016 11:38 pm

Hi,

I have configured active/standby on ASA 5525. I am facing an issue with DMZ interface.

Below is the output of Sh failover on primary:

INBLR-NT-1F-ASA-PRI/pri/act# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 216 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.2(2)4, Mate 9.2(2)4
Last Failover at: 13:52:37 IST Jul 3 2016
This host: Primary - Active
Active time: 80014 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.2(2)4) status (Up Sys)
Interface outside (x.x.x.x): Normal (Monitored)
Interface inside (y.y.y.y): Normal (Monitored)
Interface DMZ1 (z.z.z.z): Testing (Waiting)
Other host: Secondary - Standby Ready
Active time: 104 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.2(2)4) status (Up Sys)
Interface outside ((x.x.x.x): Normal (Monitored)
Interface inside (y.y.y.y1): Normal (Monitored)
Interface DMZ1 ((z.z.z.z): Normal (Monitored)

I am not able to get why DMZ is showing as Testing (Waitig) on primary ASA. Because of this the ASA is getting failover frequenty. Please let me know what my be the issue.

Regard's
Rudresh