Hi! I have two ASA 5520 with AIP-SSM Module. I have configured stateful failover and I `ve got two questions.
1. When I power off the primary failover unit I loose contact with the firewall about 10 seconds,(I don`t think this is normal when you use virtual mac address) and it is the same problem when I power off the secondary unit. I am not sure if I have configured virtual mac address correct.
2. Can the ip address at the AIP-SSM be the same (I have read that they are NOT involved in the failover function) or do it have to be different addresses?
Does anyone know the answers to this I would be very grateful. Below is the failover configuration of the primary unit. The second unit was configured exactly the same apart from command failover lan unit
description LAN/STATE Failover Interface
failover lan unit primary
failover lan interface failover_interface GigabitEthernet0/1
failover key *****
failover replication http
failover mac address GigabitEthernet0/0 7889.7889.9990 7889.7889.9991
failover mac address GigabitEthernet0/2 7889.7889.8880 7889.7889.8881
failover mac address GigabitEthernet0/3 7889.7889.7770 7889.7889.7771
failover link failover_interface GigabitEthernet0/1
failover interface ip failover_interface 172.29.20.1 255.255.255.0 standby 172.29.20.2
To log in to AIP SSM from ASA, follow these steps:
Step 1 Log in to ASA.
If ASA is operating in multi-mode, use the change system command to get to the system level prompt before continuing. -
Step 2 Session to AIP SSM:
asa# session 1
Step 3 Type your username and password at the login prompt:
The default username and password are both cisco. You are prompted to change them the first time you log in to AIP SSM. You must first enter the UNIX password, which is cisco. Then you must enter the new password twice.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...