Hi

We have a failover pair of ASA5540's. We are experiencing some connectivity issues through the primary siwtch that the primary ASA is connected to and want to fail over to the secondary ASA. Unfortunately the secondary ASA is reporting a status of failed because the VLAN for the interface in question "dmz-pest" does not exist on the secondary switch.

Traffic on the dmz-client cannot be interupted. Can anyone tell me if I fail over the firewalls will the failover be statfeul? I.e. will connections resume thorugh the secondary or will users experience any outage?

Does the firewall maintain state even if the secondary ASA is reporting a failed state?

Last Failover at: 14:45:26 UTC Sep 16 2007

This host: Primary - Active

Active time: 1547156 (sec)

slot 0: ASA5540 hw/sw rev (1.0/7.2(2)) status (Up Sys)

Interface outside (203.94.186.66): Normal

Interface inside (172.18.1.101): Normal

Interface dmz-corplink (0.0.0.0): Link Down (Not-Monitored)

Interface dmz-client (172.18.242.254): Normal

Interface dmz-pest (10.0.1.130): Normal (Waiting)

Interface dmz-pub (172.18.2.254): Normal (Not-Monitored)

Interface dmz-iro (172.18.240.254): Normal (Not-Monitored)

slot 1: empty

Other host: Secondary - Failed

Active time: 0 (sec)

slot 0: ASA5540 hw/sw rev (1.0/7.2(2)) status (Up Sys)

Interface outside (203.94.186.73): Normal

Interface inside (172.18.1.102): Normal

Interface dmz-corplink (0.0.0.0): Normal (Not-Monitored)

Interface dmz-client (172.18.242.253): Normal

Interface dmz-pest (10.0.1.131): Failed (Waiting)

Interface dmz-pubs (172.18.2.201): Normal (Not-Monitored)

Interface dmz-iro (0.0.0.0): Normal (Not-Monitored)

slot 1: empty

Many thanks