×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Active session count of ASA in HA

Unanswered Question
Apr 16th, 2012
User Badges:

Hi,


We have configured our ASA5540 in active-standby failover.


We are observing that current active session count is twice of session count before configuring HA. Earlier average active session was 50000 and now after HA it is around 100000. Kindly let us know the reason for same.


Failover configuration of both firewall are as follows


failover

failover lan unit primary

failover lan interface FOLan GigabitEthernet1/0

failover polltime unit 15 holdtime 45

failover replication http

failover link StateLink GigabitEthernet1/1

failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

failover interface ip StateLink 10.4.4.1 255.255.255.0 standby 10.4.4.2


failover

failover lan unit secondary

failover lan interface FOLan GigabitEthernet1/0

failover polltime unit 15 holdtime 45

failover replication http

failover link StateLink GigabitEthernet1/1

failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

failover interface ip StateLink 10.4.4.1 255.255.255.0 standby 10.4.4.2


Regards,

Mukesh Tiwari

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jouni Forss Mon, 04/16/2012 - 23:38
User Badges:
  • Super Bronze, 10000 points or more

Hi,


I guess you have check this with "show conn count" or "show conn" commands on the ASA?


Ofcourse the first thing that comes to mind is that its somehow adding up the connection count of both ASA units. Though it shouldnt do this to my knowledge. You should just see almost equal amount of connections on both units. Both Primary and Secondary.


Have you tried to check if there is any host on your local network that would be taking alot of connections? Maybe somethings happened at the same time (even though it might not be likely)


Have you noticed any performance issues/problem after this upgrade to a A/S ASA pair?


- Jouni

mukesh.vansh Sun, 04/22/2012 - 23:22
User Badges:

Hi Jouni,


Output of show conn count is same for both ASAs.


I also doubt its somehow adding up the connection count of both ASA units.


Actually, before 15-Apr-12, active-standby HA was already configured but only Primary unit was up and connected in the network. On that day we put Secondary in the network. Since then we are observing change in active session count (see attached screenshot).

We haven't faced any performace issue till date.


Regards,

Mukesh Tiwari

Actions

This Discussion