I have a couple of ASA devices - the subnets they sit on are as follows:
Inside - 172.29.1.0/24 (ASAs are .6 & .7)
DMZ - 172.28.1.0/24 (ASAs are .1 & .2)
Off each of the DMZ ports I have a 2950 switch (each connects to its respective ASA via Fa0/1). The 2950s then connect to each other for redundancy by their Fa0/8 ports.
The IP addresses on each switch are 172.28.1.3 (connected to Primary ASA) & 172.28.1.4 (connected to Failover ASA).
In normal working conditions I can ping from my inside routers to the switches off the DMZ ports and get a good response. When I fail over the ASAs I get loads of dropped packets - some hits & some misses.
If I fail back to the Primary I find my pings are hit and miss again. If I fail over again to the Secondary and do a reboot on this ASA and the DMZ switch connected to it, all goes back to normal.
I suspected that the switch may be encountering problems when the MAC addresses & IPs are swapped over on failover.
Has anyone encountered a similar problem with dropped pings on failover?