failover active/standby failover.

Unanswered Question
Sep 13th, 2007
User Badges:


please help me,

i have got the ASA5550 two number with the same ios asa712-k8.bin both are running in the active/standby failover. the problem is that the failover runs ok for some time however after some time both the firewall status becomes active and but the traffic moves only from the secondary and the primary firewall failover shows failed in the show failover command. when we restart the primary firewall it works says standby ready for few seconds and then it says failed. please tell me what is the issue.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
spremkumar Thu, 09/13/2007 - 02:29
User Badges:
  • Red, 2250 points or more


can you confirm whether you are meeting all the required prerequisites as mentioned in CCO ???

Hardware Requirement

The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM.

Note: The two units do not need to have the same size Flash memory. If you use units with different Flash memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory fails.

Software Requirement

The two units in a failover configuration must be in the operational modes (routed or transparent, single or multiple context). They must have the same major (first number) and minor (second number) software version, but you can use different versions of the software within an upgrade process; for example, you can upgrade one unit from Version 7.0(1) to Version 7.0(2) and have failover remain active. We recommend that you upgrade both units to the same version to ensure long-term compatibility.

License Requirements

On the PIX security appliance platform, at least one of the units must have an unrestricted (UR) license.

Components Used

The information in this document is based on these software and hardware versions:

PIX Security Appliance with 7.x version

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Manjunatha Jayaram Thu, 09/13/2007 - 02:51
User Badges:

thanks Kumar,

both the firewall are having the same IOS and the same flash memeory and the same Hardware. but even wiht all this specification it is having the problem. what other thinks need to be done.

a.alekseev Fri, 09/14/2007 - 08:25
User Badges:
  • Gold, 750 points or more

could you show "sh failover" on both devices?

makif Wed, 09/26/2007 - 04:29
User Badges:


Can u tell me how to configure pix515 ur ver 7.2 running in transparent mode as a failover unit. I m confused as to how the failover will work as both the interfaces will not have ip address...




This Discussion