So I've got a customer on an ASA5510 everything is working great (VPN site to site, AnyConnect Essentials).
They want to have another 5510 in standby mode so if the primary fails it takes over.
I look over the documents and at the HA/Failover setup in ASDM and it looks like a piece of cake.
On the standby I connect Port 0 to the Wan VLAN, Identical to the Active.
Port 1 to the LAN VLAN, then port 2 and port 3 directly to the port 2 and port 3 on the Active.
I have both ASDM pages open and first configure the standby failover with preference as the secondary.
Then go to the active ASDM and enter that info with preference as the primary.
As soon as I hit apply I loose connetivity with the primary I loose connectivity on the Active box through the managerment interface.
The worst scenario that could have happened. My active ASA has synced up with the backup ASA and now has the default ASA configs loaded.
I have someone power off the standby ASA that has now become active.
I then copy and paste the last running config that luckily I have saved through the console port and customer seems to be back up.
My question is what did I do wrong?
The only thing I can figure out is there is a box on the failover where you enter the number of interfaces that must fail before it takes control and that was set to 1. I had the Wan and LAN interfaces disabled when I applied so maybe it saw that and defaulted.
Should I copy the current running config on the active to the standy box before I try to enable Active / Standby and then just change the Wan and LAN interface IPs?
The problem is most likely that you were monitoring the interfaces that were disabled.
You could configure the Active ASA first. then once it is configured issue the show failover command and see if the interfaces are monitored. Then remove monitoring from the interfaces that are disabled:
Then when you add the standby ASA to the failover pair, it should remain in standby. When the WAN and LAN links become active, then you can add the monitor-interface command again.
Please remember to rate and select a correct answer
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...