Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1682
Views
0
Helpful
1
Replies

ASA Failover Ping fail

rosarra
Level 1
Level 1

‎04-03-2007 09:17 AM - edited ‎03-11-2019 02:55 AM

Hello,

I've a problem with two ASA 5520 configured for statefull failover Active/standby using a VPN l2l connection. I have sent successfully ping packets from the outside lan but if I switch from the failover to standby ASA the ping doesn't work.

This is my failover configuration:

failover

failover lan unit primary

failover lan interface heartbeat GigabitEthernet0/3

failover polltime interface 1 holdtime 5

failover link stateful GigabitEthernet0/2

failover interface ip heartbeat 1.1.1.1 255.255.255.0 standby 1.1.1.254

failover interface ip stateful 1.1.2.1 255.255.255.0 standby 1.1.2.254

Any ideas?

Labels:
0 Helpful
1 Reply 1

sebastan_bach
Level 4
Level 4

‎04-03-2007 05:57 PM

hi the answer to ur query is that asa or pix even in the stateful failover configuration doesn;t support passing on stateful information abt icmp. the icmp xlates are not passed on from the active asa to the standy asa.

so after the failover there will be some drops for the new xlates to be created.but then it will start pinging from the new asa also.

hope this helps.

regards

sebastan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card