We have 2 ASA 5520 in Active - Standby failover setup (ASA1 = Primary, ASA2 = Secondary). Since these two FW's are in other branch office, we have an IPSec connectivity to the FW for monitoring. I have the following question.
1. We have "snmp-server enable traps all" configured to send any traps to my monitoring tool. If the ASA2 takes over the Active role, will I receive any snmp trap on my monitoring tool? This is very important so that we come to know if any of the FW fails. What will the snmp trap look like? I would not like to try this on a production network, hence this question.
Below I have created a logging list TEST which includes system log messages related to the class ha (high availability, also known as failover) with a severity level of 4 and specifies that they should be sent to the syslog server. If you also want to see the time and date on which the log messages were generated, you can use "logging timestamp" command.
Thanks for the useful information! I actually have another question related to this topic.
Recently one of my ASA Clusters had a ASA standby unit's power supply fail. I want to enable SNMP on my ACTIVE/STANDBY ASA pair, so that if the health of the standby unit were to fail this would be reported to me. What SNMP commands would I need to enter to activate this so information would be reported to me as the active or failover is having any hardware issues?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...