ASA failover issue

skmdimran · ‎09-16-2009

Dear concern,

We have two ASA 5520 and configured lan base fail over.

But failover not working as per expectation.

Please find attachment of show tech of both ASA.

Regards

Imran

apdatasoft · ‎09-16-2009

Hi,

u need to sub-interface the failover interface and connect with a cross cable, and finish of the configuration as per the attachment

Thanks

AP

marc-andre.desy · ‎09-16-2009

Hi, from what I see the firewall failover is well configured, you have not configured the stateful failover feature, which allows for all connections, IPsec sessions, etc to be synced with he secondary unit. The command should do the job for you:

failover link sync GigabitEthernet0/1

jimmyc_2 · ‎09-17-2009

Hi marc-andre,

Can I have two ASA's connected via a single ethernet cable (ASA-1 G0/3 and ASA-2 G0/3)?

Can I use IP address for those interface that are not in my routing table (1.1.1.1 & 1.1.1.2)?

What are the most basic commands needed?

thanks

Shyama Prasad Chakraborty · ‎09-17-2009

Yes you can.

I have connected them directly with a straight cable and the configuration is as follows:

Firewall1# sh runn failover

failover

failover lan unit primary

failover lan interface stateful Management0/0

failover polltime unit msec 200 holdtime msec 800

failover polltime interface msec 500 holdtime 5

failover link stateful Management0/0

failover interface ip stateful 192.168.254.1 255.255.255.252 standby 192.168.254.2

-----------------------------------------------------------------------------------

Firewall2# sh runn failover