Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4198
Views
0
Helpful
3
Replies

Active session count of ASA in HA

mukesh.vansh
Level 1
Level 1

‎04-16-2012 10:55 PM - edited ‎03-11-2019 03:54 PM

Hi,

We have configured our ASA5540 in active-standby failover.

We are observing that current active session count is twice of session count before configuring HA. Earlier average active session was 50000 and now after HA it is around 100000. Kindly let us know the reason for same.

Failover configuration of both firewall are as follows

failover

failover lan unit primary

failover lan interface FOLan GigabitEthernet1/0

failover polltime unit 15 holdtime 45

failover replication http

failover link StateLink GigabitEthernet1/1

failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

failover interface ip StateLink 10.4.4.1 255.255.255.0 standby 10.4.4.2

failover

failover lan unit secondary

failover lan interface FOLan GigabitEthernet1/0

failover polltime unit 15 holdtime 45

failover replication http

failover link StateLink GigabitEthernet1/1

failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

failover interface ip StateLink 10.4.4.1 255.255.255.0 standby 10.4.4.2

Regards,

Mukesh Tiwari

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎04-16-2012 11:38 PM

Hi,

I guess you have check this with "show conn count" or "show conn" commands on the ASA?

Ofcourse the first thing that comes to mind is that its somehow adding up the connection count of both ASA units. Though it shouldnt do this to my knowledge. You should just see almost equal amount of connections on both units. Both Primary and Secondary.

Have you tried to check if there is any host on your local network that would be taking alot of connections? Maybe somethings happened at the same time (even though it might not be likely)

Have you noticed any performance issues/problem after this upgrade to a A/S ASA pair?

- Jouni

0 Helpful

mukesh.vansh
Level 1
Level 1
In response to Jouni Forss

‎04-22-2012 11:22 PM

Hi Jouni,

Output of show conn count is same for both ASAs.

I also doubt its somehow adding up the connection count of both ASA units.

Actually, before 15-Apr-12, active-standby HA was already configured but only Primary unit was up and connected in the network. On that day we put Secondary in the network. Since then we are observing change in active session count (see attached screenshot).

We haven't faced any performace issue till date.

Regards,

Mukesh Tiwari

0 Helpful

mukesh.vansh
Level 1
Level 1
In response to Jouni Forss

‎04-29-2012 10:21 PM

Hi,

Any update on the same.

Regards,

Mukesh Tiwari

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card