We have a pair of ASA5510 running 7.2 (4) 30 in Active/Standby Failover mode.
We have all interfaces with Primary and Secondary IP Addresses.
All Interfaces on both units are up and working.
There is a single switch between workstations and ASAs. ASAs and switches are configured with OSPF.
I have always been able to get to both "inside" interfaces on the Primary and Secondary ASAs, but I am currently not able to get to the Secondary unit.
When looking at the failover status, I see the Secondary unit has all interfaces as up and normal and ready to become the active unit.
The reason I cannot get to the secondary unit, is that there are no OSPF routes in the route table, only static and connected, and there are no (and never have been) static routes pointing to the inside networks.
All of that routing is handled by OSPF.
I have never looked in the Standby unit to see if there was a fully populated OSPF route table the same as the Primary.
Is there supposed be a functional OSPF route table in the Secondary unit, or is that populated when it becomes the Primary?
I would assume there was because I could get to it before from different vlans.
As NT says, this is normal and to be honest one of the disadvantages of running a dynamic routing protocol in active/standby because not only can you sometimes not get to the standby as you have found, but more importantly if the firewall does failover you have to wait for the standby to build it's routing table before it can start forwardng traffic.
Obviously if you can connect from the directly connected vlan you will not need to rely on OSPF not running so you need to telnet to the switch that has the L3 routed interface that is common to the ASA inside interface, if there is one which there probably is.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...