ASA5540 Not sending configuration to mate

Unanswered Question
Apr 30th, 2009

Hello I just swapout a bad ASA in active/stanby mode the secondary unit was bad however I configured the secondary unit with the minimum configuration:

interface GigabitEthernet0/3

description LAN/STATE Failover Interface


failover lan unit secondary

failover lan interface failover GigabitEthernet0/3

failover polltime unit 5 holdtime 15

failover replication http

failover link failover GigabitEthernet0/3

failover interface ip failover standby

However when I bootup the secondary the primary never dump the config down to the secondary. Do i have to add something else?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jscensny Sun, 05/03/2009 - 10:40


be sure both firewalls are same: hw, sw and license.

Same command "failover interface ip failover standby" on both ASAs.

Try put failover command on both units again.

If dont help- send output from show failover from both units.

Regards Jan

mwheinz Fri, 06/12/2009 - 05:51

I thought LAN failover supports different sw versions as long as they are at version 7 minimum. Isn't this to support upgrading them during production?


srue Fri, 06/12/2009 - 06:01

starting with 7.x, you can run different software versions - for during zero down time upgrades only. it's not meant to be a long term solution for anything.

as a previous poster said:

same hardware EXACTLY

same license

same OS

to the OP, if it's still not working, post your failover and interface config sections from both, and "show failover" outputs from both.

mwheinz Fri, 06/12/2009 - 06:11

I have a customer with 2 ASA-5510 firewalls. From show version, one is ASA5510 and the other is ASA5510-K8. Can these do LAN failover provided correct images and licensing?


Kureli Sankar Mon, 06/15/2009 - 05:20

That should not be a problem. This had some issues using CSM to manage these but, that has been corrected as well in the new CSM code. CSCsg34759

Make sure DES and 3DES licensing is the exact same between the two units.

Make sure interface GigabitEthernet0/3 shows up up and that you can ping one unit from the other ( can ping and

vice versa).


This Discussion