I am having two ASA 5540 running 7.2.2.Both are confgured for Active/Standby Failover. I have three interfaces configured.
Whichever ASA is Active In the "show failover" output two of those interfaces in active unit are in Normal state while the same interface in the Secondary is in Normal(Waiting) state. The third interface in the active is in Normal(Waiting) state, but the same interface in the Standby is in Normal state.
This is regardless of any unit becoming Active. I have downgraded to other OS also 7.0(2) also, but still the same result.
The failover is working perfectly, when either one unit goes down or one interface goes down. I can not find any cosmetic bugs also in the Cisco site.
I think the problem could be with the switch not tagging the packets properly (if in trunk mode). The interfaces are in waiting which means that they are not receiving failover hello packets on the interface from the other firewall. This means one of three things:
1. The firewall interfaces with the problem do not have a standby ip configured.
2. The two interfaces of the firewalls are not in the same layer 2 broadcast domain or
3. The other firewall is not configured for failover, or there is some configuration synchronization problem.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :