04-30-2009 06:32 AM - last edited on 03-25-2019 05:42 PM by ciscomoderator
Hello I just swapout a bad ASA in active/stanby mode the secondary unit was bad however I configured the secondary unit with the minimum configuration:
interface GigabitEthernet0/3
description LAN/STATE Failover Interface
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover polltime unit 5 holdtime 15
failover replication http
failover link failover GigabitEthernet0/3
failover interface ip failover 172.16.3.1 255.255.255.0 standby 172.16.3.2
However when I bootup the secondary the primary never dump the config down to the secondary. Do i have to add something else?
05-03-2009 10:40 AM
Hi
be sure both firewalls are same: hw, sw and license.
Same command "failover interface ip failover 172.16.3.1 255.255.255.0 standby 172.16.3.2" on both ASAs.
Try put failover command on both units again.
If dont help- send output from show failover from both units.
Regards Jan
05-04-2009 03:49 AM
thanks
06-12-2009 05:51 AM
I thought LAN failover supports different sw versions as long as they are at version 7 minimum. Isn't this to support upgrading them during production?
Thanks!
06-12-2009 06:01 AM
starting with 7.x, you can run different software versions - for during zero down time upgrades only. it's not meant to be a long term solution for anything.
as a previous poster said:
same hardware EXACTLY
same license
same OS
to the OP, if it's still not working, post your failover and interface config sections from both, and "show failover" outputs from both.
06-12-2009 06:11 AM
I have a customer with 2 ASA-5510 firewalls. From show version, one is ASA5510 and the other is ASA5510-K8. Can these do LAN failover provided correct images and licensing?
Thanks
06-15-2009 05:20 AM
That should not be a problem. This had some issues using CSM to manage these but, that has been corrected as well in the new CSM code. CSCsg34759
Make sure DES and 3DES licensing is the exact same between the two units.
Make sure interface GigabitEthernet0/3 shows up up and that you can ping one unit from the other (172.16.3.1 can ping 172.16.3.2 and
vice versa).
06-15-2009 05:23 AM
Thanks!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: