Configuring Active/Standby Failover on an ASA 5520

Unanswered Question
Feb 14th, 2007

When setting up the Stateful failover link, are there any issues if you use the management interface or should you only use an ethernet interface?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vitripat Wed, 02/14/2007 - 12:00

You can use the management interface for stateful failover. However, if you are using gigabit data interfaces, its recommended that stateful link also be a gigabit interface.

browningm Wed, 02/14/2007 - 12:30

Ok thanks.

Then next question will be that I'm having some issues trying to enable the failover. I have gone through the configurations and made sure have that everything is correct. I've checked to make sure that they are both on same version, mode.

After I enter command for failover, nothing happens...are there any suggestions that could give that I might be overlooking?

browningm Thu, 02/15/2007 - 07:58

Sorry should have been more clear on that part. I have done the failover command on the primary first and the secondary afterward with no luck.

Also just saw this and not sure if might be an issue but when do sh ver on both, the primary hardware is ASA5520 and secondary is ASA5520-k8. Will this be an issue?

vitripat Thu, 02/15/2007 - 10:09

What version are you running? Were you trying to configure failover from ASDM wizard? If yes, it wont recognize them as same hardware due to a bug, you need to configure failover from CLI. If you did configure it from CLI, there shouldnt be any issue. Can you provide the configuration from the Primary firewall?

browningm Thu, 02/15/2007 - 12:08

I believe I just found what might be causing the issue. The primary ASA has different WebVPN license than the secondary ASA.

vitripat Thu, 02/15/2007 - 13:35

ok .. if that is the case, failover will not work as it needs same license on both devices.


This Discussion