ASA5510 failover (Active/Standby)

Unanswered Question
Aug 18th, 2009

Hello,

i have installed and configured 2 ASA5510 in failover (Active/Standby) and everything work fine, when the primary unit(active) fails, the secondary unit(Standby) assumes the role of active, however, when the primary unit (standby) returns to its normal state, the secondary unit (active) remains "active".


I want that my primary unit is active when returns to its normal state and my secondary unit remains standby.


how can i do this in the configuration of ASA5510?


Regards and Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Tue, 08/18/2009 - 15:12

Cesar, I don't have a second 5510 I could test this with but there is preempt command failover group feature which seems to make this transition automatic for the prefered unit you want to keep in active state when comes back from failure, take a look into and try.


You can also manually force the roles.



See Restoring a Failed Unit or Failover Group section

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html


regards

cesarpuga Tue, 08/18/2009 - 18:10

Thanks, Jorge

Before starting the conversation i had already tried to use the command "preempt" but is not present on the ASA5510 (Active / Standby).


I'm using the IOS 8.2(1) and the following commands can't be applied:


hostname(config)# failover group {1 | 2}

hostname(config-fover-group)# preempt [delay]


so, let me know if there is another way to complete this task.


thanks a lot

cesarpuga Wed, 08/19/2009 - 08:02

yes, the commands "failover group" and "preempt" only work when a i'm using a multiple contexts when i have to configure a failover (Active/Active) but it's not my case.


in my case i'm using 2 ASA5510 with single contexts each one.


some command that i can use to resolve my issue???

JORGE RODRIGUEZ Wed, 08/19/2009 - 09:35

Cesar, for your case Active/Standby you have to make the switch by manual command, that is , if your primary failed and came backup it will state in the " show faiover " output This host: Primary - Standby ready if you want to have this Standby be the Primary active again you have to issue on the standby unit asa#failover active


asa#failover active


once this command is issued on the Primary- Standby it will reclaim the role of Primary active state, and you can confirm this by looking the output of show failover.. always look and take notes at the serial number of each unit to not get you confused with these names of Primary - active , Primary Standby - Secondary active - Secondary standby etc...sometimes it gets confusing.


Regards


Actions

This Discussion