01:56:09 ASA-SM1 : %ASA-1-105042: (Primary) Failover interface OK
01:56:32 ASA-SM1 : %ASA-1-103001: (Primary) No response from other firewall (reason code = 3).
01:56:47 ASA-SM1 : %ASA-1-103001: (Primary) No response from other firewall (reason code = 4).
The standby ASA said 'failover off', but a reload of the standby fixed the dual active problem:
Standby: ASA-SM1# sh failo
Failover unit Secondary
Failover LAN Interface: folink Vlan998 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
ASA-SM1# sh failo state
State Last Failure Reason Date/Time
This host - Secondary
Other host - Primary
Not Detected Comm Failure 01:55:59
'Service-policy in' on the uplink interface (was 512/10 before):
embryonic-conn-max 256 per-client-embryonic-max 5
1. Possible causes for the comm failure (memory exhaustion?) Any good commands for checking?
2. The failover link: In an ASA appliance setup it is recommended to establish a dedicated physical failover link between the ASAs - What about ASA-SM in a VSS setup - does it make sense to establish, for example, a physical 1G link for failover, and if yes: won't there be a loop issue with this and the fo vlan on the VSL link?
3. What is "interface policy 1" in the 'sh failo' command output?