Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA5540 Not sending configuration to mate

Hello I just swapout a bad ASA in active/stanby mode the secondary unit was bad however I configured the secondary unit with the minimum configuration:

interface GigabitEthernet0/3

description LAN/STATE Failover Interface

failover

failover lan unit secondary

failover lan interface failover GigabitEthernet0/3

failover polltime unit 5 holdtime 15

failover replication http

failover link failover GigabitEthernet0/3

failover interface ip failover 172.16.3.1 255.255.255.0 standby 172.16.3.2

However when I bootup the secondary the primary never dump the config down to the secondary. Do i have to add something else?

7 REPLIES
Community Member

Re: ASA5540 Not sending configuration to mate

Hi

be sure both firewalls are same: hw, sw and license.

Same command "failover interface ip failover 172.16.3.1 255.255.255.0 standby 172.16.3.2" on both ASAs.

Try put failover command on both units again.

If dont help- send output from show failover from both units.

Regards Jan

Community Member

Re: ASA5540 Not sending configuration to mate

thanks

Community Member

Re: ASA5540 Not sending configuration to mate

I thought LAN failover supports different sw versions as long as they are at version 7 minimum. Isn't this to support upgrading them during production?

Thanks!

Gold

Re: ASA5540 Not sending configuration to mate

starting with 7.x, you can run different software versions - for during zero down time upgrades only. it's not meant to be a long term solution for anything.

as a previous poster said:

same hardware EXACTLY

same license

same OS

to the OP, if it's still not working, post your failover and interface config sections from both, and "show failover" outputs from both.

Community Member

Re: ASA5540 Not sending configuration to mate

I have a customer with 2 ASA-5510 firewalls. From show version, one is ASA5510 and the other is ASA5510-K8. Can these do LAN failover provided correct images and licensing?

Thanks

Cisco Employee

Re: ASA5540 Not sending configuration to mate

That should not be a problem. This had some issues using CSM to manage these but, that has been corrected as well in the new CSM code. CSCsg34759

Make sure DES and 3DES licensing is the exact same between the two units.

Make sure interface GigabitEthernet0/3 shows up up and that you can ping one unit from the other (172.16.3.1 can ping 172.16.3.2 and

vice versa).

Community Member

Re: ASA5540 Not sending configuration to mate

Thanks!!

156
Views
0
Helpful
7
Replies
CreatePlease to create content