Thanks Chad. I downloaded it and printed it out. It seems Like I went through everything required, but failover still isnt quite getting there. I think Im really close though. On the primary unit, I get:
VSASA# sho fail state
Primary | Active |
Secondary | Standby |
My Fail Reason:
Other Fail Reason:
ciscoasa# sho fail
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 1
Monitored Interfaces 1 of 250 maximum
failover replication http
Version: Ours 7.0(5), Mate Unknown
Last Failover at: 10:51:43 UTC Jul 6 2006
This host: Secondary - Active
Active time: 74713 (sec)
slot 0: ASA5520 hw/sw rev (1.1/7.0(5)) status (Up Sys)
slot 1: ASA-SSM-10 hw/sw rev (1.0/5.0(2)S152.0) status (Up)
Interface management (192.168.1.80): Normal (Waiting)
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: empty
slot 1: empty
Interface management (0.0.0.0): Unknown (Waiting)
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 0 0 0 0
sys cmd 0 0 0 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
VPN IKE upd 0 0 0 0
VPN IPSEC upd 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 0 0
Xmit Q: 0 0 0
It appears that the failover isnt quite working, no traffic is being passed over the ethernet cable. Right now I just have a cable, not a switch or hub. I tried crossover and straight through to no avail. I am getting link status however but the orange light is on as well, and Im not sure thats correct.
OK Yup, got it. I had the primary/failover addresses backward on the failover interfaces. they need to be the same, not flipped. As soon as I did that all was well, thanks for narrowing it down for me.
The other 'mystery' to me is now that it fails over correctly, I notice that all the interfaces (inside/outside) have the same IP address. This makes sense of course but then how does active/active work? Im pretty sure I have it setup for active/active, but how can there be two interfaces on the network with the same IP Address?
hi buddy pls take care before going for active/active setup with multiple context cause u cannot terminate vpns and run dynmic routing protocols on the asa once u enter into multiple context mode. it' sounds sad but yes it is. see ya
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...