Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Failover Question

I have 2 5540 ASA in an Active / Standy setup. The Active firewall has a packet shaper sitting between it and the inside LAN. When I reboot the Packet shaper the FWs failover. I have the default timeings for failover 1 second hello 15 seconds keepalive. I would assume this emans that as long as the Active firewall sends a hello packet within 15 seconds the standby will not assume the active role. The Packet Shaper reboot takes only a couple of seconds (typically 1 or 2 lost ping packets) Am I missing something simple here?

4 REPLIES

Re: ASA Failover Question

The packetshaper takes only a few seconds to reboot. However, the interface link will be down for approximately 40 seconds during the reboot as I tested in a lab.

All systems are like this, it doesn't mean that once they booted successfully, their network link will be up at the same time.

New Member

Re: ASA Failover Question

Danilo,

thanks for your quick response. What is the reason for this?

By the way, the packet shaper does not really take only a few seconds to boot, buts "fails open" whenever it is rebooted.

Silver

Re: ASA Failover Question

This is probably because of interface health checks. The primary device sees the interface go down and is now "less healthy" than the secondary and fails over.

New Member

Re: ASA Failover Question

Pete,

Thanks very much for your respose. Do you know how I can override this default behaviour and ensure the primary stays active unless the secondary does not receive a hello packet within the 15 seconds?

Thanks again,

Rich

114
Views
0
Helpful
4
Replies
CreatePlease to create content