Have configured Active/Standby and configuration has been copied fine from one device to other.
All interfaces that have been auto created (to match the original device) are showing IP addresses correctly (UP,UP)
The ASA are connected via 2 switches using trunk ports and status is UP for both trunk ports (I have connected to the same ports as in original device)
Though it was going to work when the configuration transfer was completed and the same interfaces connected. Let me know if you can suggest why interfaces on the standby ASA when active become (UP, UP) with correct IP Addresses but no traffic passes except on the failover interface.
The standby unit is not passing traffic because it is standby. If you have a standby IP address configured, you would see it associated with the ports connecting to the standby unit (via mac address tables and or ARP caches).
In the event it becomes active, it will issue a gratuitous ARP so that the hosts needing to communicate via any of the configured interfaces know to associate its connected port(s) with the MAC address(es) that the units establish to associate with the IP address(es).
in fact this is the problem that even after entering command "no failover active" on the Active ASA and therefore the second ASA becomes the Active one - still no traffic works except between the interfaces of the Failover between the two ASA's. So the second ASA is yes becoming Active but it seems that no device is able to communicate with it even if all its interfaces match the primary one.
Attached is a diagram of the setup.
(Update seems that isakmp site to site link is not coming up now - other than that internal communication is working from the ASA on failover)
Yes they are Marvin and subinterfaces configured - all is working fine now (at least seems so). Perhaps just a couple of restarts for all devices fixed the issue as failover is working fine including site to site VPN re-connection from failed over ASA. Downtime only lasts around 5 to 10 seconds
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :