Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
740
Views
0
Helpful
6
Replies

Failover issue on ASA 5510 with A/S

Go to solution
helponline
Level 1
Level 1

‎03-10-2008 04:09 AM - edited ‎03-11-2019 05:14 AM

Hi,

I've a two ASA5510 & configured Active/standby fO configuration in sub interfaces. But this configuration is not working. Please check the both ASA configuration & let me know what changes i have to take.

I've attached the ASA's configuration

Waiting for Valuable reply.

Labels:
Preview file
62 KB
Preview file
58 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
brettmilborrow
Level 1
Level 1
In response to helponline

‎03-12-2008 01:18 AM

Hi,

Glad you got your failover working correctly. As far as I know shutting down an interface via the config will not cause a failover. This is by design.

As far as the firewalls returning to the primary being the active firewall, this will not be done automatically and will require you to force the units back with the failover active or no failover active command depending on whether you connect to the primary or failed unit.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
brettmilborrow
Level 1
Level 1

‎03-10-2008 04:24 AM

Hi,

Did you follow the instructions here:

]http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

This gives you step by step instructions for configuring failover.

Good Luck!

0 Helpful

Go to solution
helponline
Level 1
Level 1
In response to brettmilborrow

‎03-10-2008 04:47 AM

Hi,

Thanks, i checked that link but still it is not working. Please check "show failover" & "show failover history" in the outputs.

is there any bug on asa 8.0(3) for this issue (failover) ?

0 Helpful

Go to solution
brettmilborrow
Level 1
Level 1
In response to helponline

‎03-10-2008 04:59 AM

The two devices have different configs on them.

When you have firewalls in a failover pair, you need to configure the primary firewall fully only, then configure a minimum set of commands on the secondary firewall. The firewalls will then take care of the rest, including config replication etc.

I you imagine you have two blank firewalls in front of you, read the link above and this should help you understand how failover works.

0 Helpful

Go to solution
helponline
Level 1
Level 1
In response to brettmilborrow

‎03-11-2008 11:21 PM

Thanks,

I started from the crash everything is working fine even the failover also. I've 7 sub interfaces on inside interface there I configure for A/S failover. I tested Failover with following procedure.

1. If I remove the cable on inside interface (physical interface) then the failover happened to the standby box for all the sub interfaces. If I give the shutdown command on the sub interfaces the failover is not happen? What could be the problem? Will it happen or not?

Please confirm the following point.

1. After the failover If the primary box coming up whether the standby box (which active present) will go to standby by automatically?

2. Or we have to give manually on the primary box will make as active (“failover active “command)?

I've attached my primary & Secondary ASA with this mail. Please check configuration and revert back .

Thanks in advance.

Preview file
14 KB
0 Helpful

Go to solution
brettmilborrow
Level 1
Level 1
In response to helponline

‎03-12-2008 01:18 AM

Hi,

Glad you got your failover working correctly. As far as I know shutting down an interface via the config will not cause a failover. This is by design.

As far as the firewalls returning to the primary being the active firewall, this will not be done automatically and will require you to force the units back with the failover active or no failover active command depending on whether you connect to the primary or failed unit.

0 Helpful

Go to solution
helponline
Level 1
Level 1
In response to brettmilborrow

‎03-13-2008 05:19 AM

Hi,

Thank you for your update...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card