Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

asa failover is it possible Ethernet cable to connect the appliances directly, without the need for an external switch in asa 5510

asa failover is it possible Ethernet cable to connect the appliances directly, without the need for an external switch in asa 5510 pls help me ont his  ...

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

asa failover is it possible Ethernet cable to connect the applia

Sure, a direct Ethernet cable between the two units' designated failover interfaces works fine. Cisco recommends via a switch but it's not required.

7 REPLIES
Hall of Fame Super Silver

asa failover is it possible Ethernet cable to connect the applia

Sure, a direct Ethernet cable between the two units' designated failover interfaces works fine. Cisco recommends via a switch but it's not required.

asa failover is it possible Ethernet cable to connect the applia

Hello Anand,

Yes, you can use a ethernet cable to connect both devices, you can find that cisco recommends a switch but this because it makes the troubleshooting so much easier when you are having an issue regarding the failover interface.

Hope this helps, any other question just let me know.

Julio

Rate helpful posts!

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

asa failover is it possible Ethernet cable to connect the applia

Thank you ..i  configured the asa ..its working fine ..one is in  active and otherone is standby ... pls  let me know ..

FW1:

sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 110 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 09:09:46 UTC Jan 19 2012
        This host: Primary - Active
                Active time: 1283 (sec)
                slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
                  Interface inside (10.90.140.2): Normal (Waiting)
                  Interface management (192.168.1.2): No Link (Waiting)
                slot 1: empty
        Other host: Secondary - Standby Ready
                Active time: 1818 (sec)
                slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface management (0.0.0.0): No Link (Waiting)
                slot 1: empty

Stateful Failover Logical Update Statistics
        Link : Unconfigured.

FW2:

sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 110 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 09:09:38 UTC Jan 19 2012
        This host: Secondary - Standby Ready
                Active time: 1818 (sec)
                slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface management (0.0.0.0): No Link (Waiting)
                slot 1: empty
        Other host: Primary - Active
                Active time: 1437 (sec)
                slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
                  Interface inside (10.90.140.2): Normal (Waiting)
                  Interface management (192.168.1.2): No Link (Waiting)
                slot 1: empty

Stateful Failover Logical Update Statistics
        Link : Unconfigured.


------------------------------------------------------------------------------------------

Dhiv.....

Re: asa failover is it possible Ethernet cable to connect the ap

Hello Anand,

yeap, the failover cluster is up and running, as you can see on the inside interface the state is normal (waiting) that means the hello packets for the failover monitoring are not being exchanged just fYI.

Regards,

Julio

Do rate helpful posts!

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Re: asa failover is it possible Ethernet cable to connect the ap

in this configuration 2 asa hostname are  showing same even i change also ...then one more qus how much time it will take to failover ..is there we can change the time..thanks a lot

Hall of Fame Super Silver

asa failover is it possible Ethernet cable to connect the applia

Anand

In a failover pair the ASAs share a single configuration file and it is normal that both devices will share the same host name.

If you have given them different names then would I be correct in understanding that you went into the standby ASA and made a config change to its name? (if you made a change on the primary ASA it should sync the config to the backup and bring the names back to the same) If you have done this I would assume that it is a temporary change. At some point there will be an event which causes the primary ASA to sync the config files and when that happens it should make the host names the same again.

In my experience the failover is very quick. I assume that the timing may vary some depending on how the failover is initiated. We have tested failover using the software command and that failover is very fast. We have tested failover by failing power on the primary ASA and that failover is also very fast. If the failure were a based on an interface failure then I assume that the timing of the failover would depend on how long it took to recognize and react to the interface failure - and there is some flexibility in those timers.

HTH

Rick

asa failover is it possible Ethernet cable to connect the applia

Hello Anand,

Just to add to what Richard has mentioned, the failover polltime ( how often does the Failover pair exchanges the hello packets to check if the other unit is active) is one second, you can configure a sub-second failover (polltime : less than one second) to make it even faster, of course that will means more traffic being sent on each interface being monitored.

Just for you to know.

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
405
Views
0
Helpful
7
Replies