ASA 5520 - Stateful feature failed on LAN based active/standby failover

Unanswered Question
May 17th, 2010


Dear all,


I encountered a stateful issue in an ASA 5520 architecture displayed on the attached drawing.


This is a LAN based active/standby failover link between a pair of ASA5520 (version 8(0)4). Stateful and failover use the same Ethernet link (dedicated VLAN).


To test this architecture, I launched an FTP transfer between the trust and untrust zones. During the transfer I shut down the Unit Primary.

=> The failover seems to work properly

=> The stateful doesn't work properly because my FTP transfer is closed (see attachment)


Find my configuration below:


interface GigabitEthernet0/0
 description LAN Interface
 speed 1000
 duplex full
 nameif outside
 security-level 0
 ip address 10.192.154.126 255.255.255.248 standby 10.192.154.125
!
interface GigabitEthernet0/1
 description ToIP Server Interface
 speed 1000
 duplex full
 nameif inside
 security-level 100
 ip address 10.192.154.30 255.255.255.224 standby 10.192.154.29
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 description LAN/STATE Failover Interface
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!


Unit Primary:

failover
failover lan unit primary
failover lan interface ASA_Failover GigabitEthernet0/3
failover key *****
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109


Unit Secondary:

failover
failover lan unit secondary
failover lan interface ASA_Failover GigabitEthernet0/3
failover key *****
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109


Also find attached the output displayed by "sh failover".


Does anyone have an idea of what is wrong in my configuration? My goal is to have no impact on the current TCP/UDP sessions when the primary unit fails.


Thanks for your help


Regards,


Hervé
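An offline check of the stateful-failover prerequisites visible in the configuration posted above, as an added example that is not part of the original post or any Cisco tooling. The function name audit_failover and the condensed sample configuration are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: condensed from the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 10.192.154.126 255.255.255.248 standby 10.192.154.125
!
interface GigabitEthernet0/1
 nameif inside
 ip address 10.192.154.30 255.255.255.224 standby 10.192.154.29
!
failover
failover lan unit primary
failover lan interface ASA_Failover GigabitEthernet0/3
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109
"""

def audit_failover(config: str) -> list[str]:
    """Hypothetical helper: return findings; an empty list means all checks passed."""
    findings, name, addrs = [], None, {}
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:
        tok = line.split()
        if tok[0] == "interface":
            name = tok[1]                      # physical name until a nameif is seen
        elif tok[0] == "nameif":
            name = tok[1]
        elif tok[:2] == ["ip", "address"]:     # "no ip address" does not match
            addrs[name] = tok[2:]
        elif tok[:3] == ["failover", "interface", "ip"]:
            addrs[tok[3]] = tok[4:]
    if "failover" not in lines:
        findings.append("failover is not enabled")
    if not any(l.startswith("failover link ") for l in lines):
        findings.append("no 'failover link': state is not replicated")
    for ifname, parts in addrs.items():
        if "standby" not in parts:
            findings.append(f"{ifname}: no standby address")
            continue
        # The standby address must sit in the same subnet as the active one.
        net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        standby = ipaddress.ip_address(parts[parts.index("standby") + 1])
        if standby not in net:
            findings.append(f"{ifname}: standby {standby} outside {net}")
    return findings

if __name__ == "__main__":
    print(audit_failover(SAMPLE_CONFIG))
```

An empty result for the posted configuration is consistent with the outcome of the thread, where the configuration was not at fault.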

h-etchepare Wed, 05/19/2010 - 00:29

Hi,


Thanks for your help.

The issue is solved.

It was only a problem with the DOS FTP client.

With FileZilla the stateful works properly.


Regards
