cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
639
Views
0
Helpful
7
Replies

ASA5540 Not sending configuration to mate

damrut5763
Level 1
Level 1

Hello I just swapout a bad ASA in active/stanby mode the secondary unit was bad however I configured the secondary unit with the minimum configuration:

interface GigabitEthernet0/3

description LAN/STATE Failover Interface

failover

failover lan unit secondary

failover lan interface failover GigabitEthernet0/3

failover polltime unit 5 holdtime 15

failover replication http

failover link failover GigabitEthernet0/3

failover interface ip failover 172.16.3.1 255.255.255.0 standby 172.16.3.2

However when I bootup the secondary the primary never dump the config down to the secondary. Do i have to add something else?

7 Replies 7

jscensny
Level 1
Level 1

Hi

be sure both firewalls are same: hw, sw and license.

Same command "failover interface ip failover 172.16.3.1 255.255.255.0 standby 172.16.3.2" on both ASAs.

Try put failover command on both units again.

If dont help- send output from show failover from both units.

Regards Jan

thanks

I thought LAN failover supports different sw versions as long as they are at version 7 minimum. Isn't this to support upgrading them during production?

Thanks!

starting with 7.x, you can run different software versions - for during zero down time upgrades only. it's not meant to be a long term solution for anything.

as a previous poster said:

same hardware EXACTLY

same license

same OS

to the OP, if it's still not working, post your failover and interface config sections from both, and "show failover" outputs from both.

I have a customer with 2 ASA-5510 firewalls. From show version, one is ASA5510 and the other is ASA5510-K8. Can these do LAN failover provided correct images and licensing?

Thanks

That should not be a problem. This had some issues using CSM to manage these but, that has been corrected as well in the new CSM code. CSCsg34759

Make sure DES and 3DES licensing is the exact same between the two units.

Make sure interface GigabitEthernet0/3 shows up up and that you can ping one unit from the other (172.16.3.1 can ping 172.16.3.2 and

vice versa).

Thanks!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: