05-27-2010 12:33 PM - edited 03-11-2019 10:51 AM
Hi people,
I configured two ASA 5540 in active/stand by, the trouble is when secundary ASA go to active, the tables xlate are starting to create and it ,gives me problems, there is some way that both ASA have the same xlate.
thanks
Alex
Solved! Go to Solution.
05-27-2010 03:25 PM
Alex, look at couple of links bellow .
you already have lan failover
failover
failover lan unit primary
failover lan interface failover Ethernet9
failover lan enable
failover key *****
failover interface ip failover 192.168.40.1 255.255.255.192 standby 192.168.40.2
For stateful you will need dedicated interface or share lan failover interface with stateful failover, or you may use a subinterface for stateful failover implementation.
failover link state
failover interface ip state 10.0.0.1 255.0.0.0 standby 10.0.0.2
See Stateful failover section , as Jon indicated you will need ( failover link ) in order to enable stateful failover and pass per-connection state to standby unit.
Go over some good guidelines
http://www.cisco.com/en/US/partner/docs/security/asa/asa80/command/reference/ef.html#wp1928149
Regards
05-27-2010 12:42 PM
Alex
The xlate table should be replicated with stateful failover. Are you sure you have configured stateful failover and not just failover ? -
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html
Jon
05-27-2010 02:17 PM
thank you jon.
the problem is that I have a database server when failover is turned on, connections are rejected by the firewall begins to assemble the xlate table. thank you very much for your help I hope to solve the problem.
the config of failover is this
failover
failover lan unit primary
failover lan interface failover Ethernet9
failover lan enable
failover key *****
failover interface ip failover 192.168.40.1 255.255.255.192 standby 192.168.40.2
-------
and
you recomendation to suggest is
failover replication http
thanks
05-27-2010 03:02 PM
Hallo,,
Have you add the virtual mac adresses (active and standby mac address) to the interfaces in the failover config?
Regards,
Marcel
05-27-2010 03:25 PM
Alex, look at couple of links bellow .
you already have lan failover
failover
failover lan unit primary
failover lan interface failover Ethernet9
failover lan enable
failover key *****
failover interface ip failover 192.168.40.1 255.255.255.192 standby 192.168.40.2
For stateful you will need dedicated interface or share lan failover interface with stateful failover, or you may use a subinterface for stateful failover implementation.
failover link state
failover interface ip state 10.0.0.1 255.0.0.0 standby 10.0.0.2
See Stateful failover section , as Jon indicated you will need ( failover link ) in order to enable stateful failover and pass per-connection state to standby unit.
Go over some good guidelines
http://www.cisco.com/en/US/partner/docs/security/asa/asa80/command/reference/ef.html#wp1928149
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: