One of my failover pair of ASA 5520s needs to be replaced. It is the primary unit. Will the following commands suffice:
description LAN/STATE Failover Interface
failover lan unit primary
failover lan interface State_Failovr GigabitEthernet0/3
failover link State_Failovr GigabitEthernet0/3
failover interface ip State_Failovr 10.10.30.161 255.255.255.248 standby 10.10.30.162
I guess what I'm asking is what is the logic. Once the new unit is configured it will come up as active before it sees the secondary which is also active. Once communication is established over the failover link, will the secondary remain the active ASA since it has been up the longest or will the primary remain the active ASA since this is the first contact with the secondary as far as it knows?
From your description I think that you are using Active/Standby failover. In this scenario, when the active (master) unit goes down, the standby unit takes over as the active unit and it will constantly poll to check if the master unit is available and is working fine. If the master unit is available, it will then transfer the control to the master unit, making it once again the active unit.
Yes, this is an active/standby pair in a single security context. Thanks for your reply, but I've already replaced the failed unit. I first connected the failover link, then powered up the replacement ASA, having put in only the config in my previous message. The new Primary unit made contact with the Active/secondary unit, downloaded the active running configuration, and then went into standby mode. I then connected the other ports on the primary unit and it is running in standby mode.