I have configured Active / Standby and it working perfectly. I also have configured Stateful failover in the Firewall using the same Interface of Failover Link Gig 0/0. That is I am using the same Interface for both Link Failover and Stateful Failover (GigabitEthernet 0/0).
Failover is happening perfectly. I donot have any problem. But when i login to Standby unit and enter "show local-host" command I am not seeing the state table, which is appearing in Active Unit. I am afraid whether the firewalls are really replicating the state table with each other. My understanding is that Active Unit will also replicate state information to Standby Unit.
How this works and why it behaves like this. If anybody have clue please guide me
Would you mind elaborating a bit more on your answer ? statefull failover actually replicates stefull information such TCP/UDP connections, NAT .. etc so that if the active unit fails then the standy unit takes over without the requirement for re-stablishing new sessions .. are we in the same track here ..?
Regular and Stateful Failover
The security appliance supports two types of failover, regular and stateful. This section includes the following topics:
When a failover occurs, all active connections are dropped. Clients need to reestablish connections when the new active unit takes over.
When Stateful Failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Supported end-user applications are not required to reconnect to keep the same communication session.
The state information passed to the standby unit includes the following:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :