Dear all,

I encoured stateful issue in a ASA 5520 architecture displayed on the drawing attached.

This is a LAN based active/standby failover link between a pair of ASA5520 (version 8(0)4). Stateful and failover use the same ethernet link (dedeicated VLAN).

To test this architecture, I have lanch a FTP tansfert between trust and untruct zone. During the trnasfer I shutdown the Unit Primary.

è    The failover seems to work properly

è    The stateful doesn’t work properly becaise my FTP transfert is closed (see attachment)

Find below my configuration :

interface GigabitEthernet0/0

description LAN Interface

speed 1000

duplex full

nameif outside

security-level 0

ip address 10.192.154.126 255.255.255.248 standby 10.192.154.125

!

interface GigabitEthernet0/1

description ToIP Server Interface

speed 1000

duplex full

nameif inside

security-level 100

ip address 10.192.154.30 255.255.255.224 standby 10.192.154.29

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

description LAN/STATE Failover Interface

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

!

Unit Primary :

failover

failover lan unit primary

failover lan interface ASA_Failover GigabitEthernet0/3

failover key *****

failover link ASA_Failover GigabitEthernet0/3

failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109

Unit Secondary

failover

failover lan unit secondary

failover lan interface ASA_Failover GigabitEthernet0/3

failover key *****

failover link ASA_Failover GigabitEthernet0/3

failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109

Find also in attachment the result displayed by « sh failover »

Anyone have an ideao of what is wrong in my configuration. My goal is to have no impact oin the current TCP/UDP session when the primary unit failed.

Thanks for your help

Regards,

Hervé