ASA Failover Ping fail

Unanswered Question
Apr 3rd, 2007
User Badges:


I've a problem with two ASA 5520 configured for statefull failover Active/standby using a VPN l2l connection. I have sent successfully ping packets from the outside lan but if I switch from the failover to standby ASA the ping doesn't work.

This is my failover configuration:


failover lan unit primary

failover lan interface heartbeat GigabitEthernet0/3

failover polltime interface 1 holdtime 5

failover link stateful GigabitEthernet0/2

failover interface ip heartbeat standby

failover interface ip stateful standby

Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sebastan_bach Tue, 04/03/2007 - 17:57
User Badges:

hi the answer to ur query is that asa or pix even in the stateful failover configuration doesn;t support passing on stateful information abt icmp. the icmp xlates are not passed on from the active asa to the standy asa.

so after the failover there will be some drops for the new xlates to be created.but then it will start pinging from the new asa also.

hope this helps.




This Discussion