Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA failover problem

Hi! I have two ASA 5520 with AIP-SSM Module. I have configured stateful failover and I `ve got two questions.

1. When I power off the primary failover unit I loose contact with the firewall about 10 seconds,(I don`t think this is normal when you use virtual mac address) and it is the same problem when I power off the secondary unit. I am not sure if I have configured virtual mac address correct.

2. Can the ip address at the AIP-SSM be the same (I have read that they are NOT involved in the failover function) or do it have to be different addresses?

Does anyone know the answers to this I would be very grateful. Below is the failover configuration of the primary unit. The second unit was configured exactly the same apart from command “failover lan unit”

interface GigabitEthernet0/1

description LAN/STATE Failover Interface


failover lan unit primary

failover lan interface failover_interface GigabitEthernet0/1

failover key *****

failover replication http

failover mac address GigabitEthernet0/0 7889.7889.9990 7889.7889.9991

failover mac address GigabitEthernet0/2 7889.7889.8880 7889.7889.8881

failover mac address GigabitEthernet0/3 7889.7889.7770 7889.7889.7771

failover link failover_interface GigabitEthernet0/1

failover interface ip failover_interface standby



Re: ASA failover problem

To log in to AIP SSM from ASA, follow these steps:

Step 1 Log in to ASA.

If ASA is operating in multi-mode, use the change system command to get to the system level prompt before continuing. -

Step 2 Session to AIP SSM:

asa# session 1

Step 3 Type your username and password at the login prompt:

The default username and password are both cisco. You are prompted to change them the first time you log in to AIP SSM. You must first enter the UNIX password, which is cisco. Then you must enter the new password twice.