Jatin

Thnaks for your response.

At the time we did issue a command that made the secondary ACTIVE. So now I have the following:

(I have modified IP's to remain anonymous)

ASA-5520# sh failover

Failover On

Failover unit Secondary

Failover LAN Interface: Heartbeat GigabitEthernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 160 maximum

Version: Ours 8.2(3), Mate 8.2(3)

Last Failover at: 13:43:59 CST Dec 21 2012

This host: Secondary - Active

                Active time: 17894886 (sec)

                slot 0: ASA5520 hw/sw rev (2.0/8.2(3)) status (Up Sys)

                  Interface outside (216.x.x.2): Normal

                  Interface inside (192.168.x.1): Normal

                  Interface dmz (192.168.x.1): Normal (Not-Monitored)

                  Interface management (192.168.x.84): No Link (Waiting)

                slot 1: empty

        Other host: Primary - Standby Ready

                Active time: 5267283 (sec)

                slot 0: ASA5520 hw/sw rev (2.0/8.2(3)) status (Up Sys)

                  Interface outside (216.x.x.12): Normal

                  Interface inside (192.168.x.2): Normal

                  Interface dmz (192.168.x.2): Normal (Not-Monitored)

                  Interface management (0.0.0.0): No Link (Waiting)

                slot 1: empty

I also modified the ip route statements to make the Internet router connecting to what is currently called the Secondary as my default toute out to world.

          route outside 0.0.0.0 0.0.0.0 216.x.x.11 1 track 1

          route outside 0.0.0.0 0.0.0.0 216.x.x.1 254

I simply want the ASA I am using as Primary to be called the Primary. What would you/anyone advise?

Can anyone advise on this issue?

Hi,

Is the above "show failover" output now correct for you?

Is the one that you configured as Secondary/Primary showing as you have configured?

Atleast the start of the output suggests that the unit where the output was taken is configured as Secondary and showing up as Secondary.

If you are referring to the name of the ASA showing as Primary and Secondary then that is not possible as they share the "hostname" configuration.

What you could do though is a configure an additional global command that will show you on the unit you are logged into

• Is it configured as Primary or Secondary
• What is its state, Active or Standby Ready

You could use this command for example

prompt hostname priority state

What I mean by this is that it would actually show you on the command line interface all the time the status of the unit with regards to the failover

Cant give you a good example since my own ASA is only ASA5505 which is not configured for Failover. But with the above command its hostname prompt is now

ASA/sec/actNoFailover(config)#

Its showing Secondary as the default setting for a ASA unit in Failover is Secondary unless otherwise configured to be Primary specifically.

Do also notice that configuring one unit as Primary and one as Secondary doesnt have generally that noticiable affect on the operation. If both of the firewalls were to boot at the sametime then the Primary unit would become the Active unit. If however the Primary unit was Active and then Failed and recovered again IT WOULD NOT become Active automatically. You would have to manually make it Active again or the Secondary unit (which would then be Active) would have to fail.

Only Active/Active Failover can use a command/configuration that will return the original unit back to Active when its recovered.

Hope this helps

- Jouni

Question?

The device shows a Secondary, but also states it is the ACTIVE device. "This host: Secondary - Active"

Doesn't ACTIVE mean the the device is being used as PRIMARY/?

Traffic passing thru the ASA's is being sent first to the physical device which is currently showing up as Secondary-ACTIVE?