Actually the important fact is we need to configure "no failover" before connecting primary to "standby active" mate.
As when i tried without doing "no failover" on primary, please check the console message from primary asa after connecting failover cable to standby active.All the standby active config was overwritten by primary mate.since my primary mate had old config, it was overwritten on standby mate.
Can you please let me know what mistake i have done other than "no failover" before connecting failover cable ?
You already noted what you did incorrectly. If you follow the steps of the Cisco procedure exactly, you should get the configuration from the "standby - active" mate to synchronize to the replaced unit.
Once you have verified proper synchronization you can then force a given unit to become active with "failover active" command and/or use of the preempt configuration parameter.
I have some queries about the point thet mentioned in document that you suggested.
There is mentioned that 1) when failover link failed within operation there is no failover .
2) when failover link failed at startup both firewalls becomes active.
As we know both unit track each other using hellos. So why both unit does not get active in scenario one as ther is no hello between both the unit. Please correct me , as I am littile bit confused after reading these point.
If I understand your question, you would like to know why "when failover link failed within operation there is no failover".
That should not be the case. When the failover link itself fails, both units should become active. This would be the same as you note in 2) above. Please see the explanation in the ASA CLI Configuration Guide here.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...