Active/Standby failover

Unanswered Question
Jul 12th, 2010

Hi,

I am trying to setup two pairs of ASA 5510s which they will both be setup as Active/Standby. The failover interfaces will be connected via Ethernet to the same switch. Do the interfaces need to be on separate individual VLANs on the switch to work properly? Or do they only need to be on different IP subnets.

Reason I am asking is because the 2 pairs will not stay synchronized as a pair and I can't figure out why. The configs for each pair are identical as is the hardware, but the standby will always lose connection and default back to "ActNoFailOver" or "StdbyNoFailOver" status.

please help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 07/12/2010 - 10:24

It is better if they are in a dedicated vlan because that vlan should not be seeing all kinds of broadcast packets etc since it is used for the failover communication. That is a recommendation though, not a requirement. Putting them in a vlan that is passing regular data will also work.

For the issue you are seeing you can do "sh fail history" to try to see why it is happening. It could be an interface mismatch.

I hope it helps.

PK

Actions

This Discussion