I'm hoping someone out there can definitively answer a question concerning failover time because I find conflicting information in the Cisco docs. We are debating turning on stateful failover for a new set of PIXes protecting a DMZ area - 525's w/ 6.3 code. If we do this and the primary PIX fails, how long does it take for the secondary to take over? Currently our production PIXes do LAN failover so fast we don't notice, but we've never done stateful failover. My concern is that the docs I find state it takes 30 seconds to failover. If I have a customer on my website and it fails, will they wait 30 seconds for a response or will I lose the business?
This parameter is configurable using the "failover poll" command. We have configured stateful failover on a pair of 525s with 6.2(2) code. We set the poll interval to 3 seconds. The stateful failover did not take 9 seconds before failing over, more like 4-5 seconds. TCP connections didn't get dropped (a feature of stateful). Works like a charm. Hope this helps.