ASA Failover Ping fail

Unanswered Question
Apr 3rd, 2007

Hello,

I've a problem with two ASA 5520 configured for statefull failover Active/standby using a VPN l2l connection. I have sent successfully ping packets from the outside lan but if I switch from the failover to standby ASA the ping doesn't work.

This is my failover configuration:

failover

failover lan unit primary

failover lan interface heartbeat GigabitEthernet0/3

failover polltime interface 1 holdtime 5

failover link stateful GigabitEthernet0/2

failover interface ip heartbeat 1.1.1.1 255.255.255.0 standby 1.1.1.254

failover interface ip stateful 1.1.2.1 255.255.255.0 standby 1.1.2.254

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sebastan_bach Tue, 04/03/2007 - 17:57

hi the answer to ur query is that asa or pix even in the stateful failover configuration doesn;t support passing on stateful information abt icmp. the icmp xlates are not passed on from the active asa to the standy asa.

so after the failover there will be some drops for the new xlates to be created.but then it will start pinging from the new asa also.

hope this helps.

regards

sebastan

Actions

This Discussion