https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141065#M359794 <P>Hi all</P><P></P><P></P><P>customer has ASA cluster pair which is running 8.2 (5) </P><P>This firewall is participating in the OSPF process, and the affected interface are in the "Area 0". "Remote stations" are also a Cisco components (eg, WS-C3750-24TS-S with 12.2 (44) SE5, </P><P></P><P></P><P></P><P>When you perform "no failover active" the firewall cluster and also triggered by removing a cable&nbsp; (not the SYNC interface) takes the standby node as expected.</P><P></P><P>Tests have shown that it can take up to ~ 60 seconds until the newly activated firewall works again(this really means everything is now up and running as it should do ),ping from the firewall to the Internet via LAN. Prior to the implementation of OSPF showed a non-measurable results, no ping loss though.</P><P></P><P></P><P>there are two questions at the moment </P><P>1 ) could this problem be solved by upgrading the ASA to 8.4 = already answered</P><P>2 ) any known&nbsp; configuration parameters which we could apply on the router ?</P><P></P><P>also keep in mind</P><P>The standby becomes active almost immediately. Passing packets via that firewall takes that high amount of waiting time. The culprit might be the missing routing data (OSPF update …)</P><P>any advice on the OSPF please?</P><P></P><P>thanks in advance</P><P>Lancellot</P> Tue, 12 Mar 2019 01:16:55 GMT Lance Wendel 2019-03-12T01:16:55Z https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141065#M359794 <P>Hi all</P><P></P><P></P><P>customer has ASA cluster pair which is running 8.2 (5) </P><P>This firewall is participating in the OSPF process, and the affected interface are in the "Area 0". "Remote stations" are also a Cisco components (eg, WS-C3750-24TS-S with 12.2 (44) SE5, </P><P></P><P></P><P></P><P>When you perform "no failover active" the firewall cluster and also triggered by removing a cable&nbsp; (not the SYNC interface) takes the standby node as expected.</P><P></P><P>Tests have shown that it can take up to ~ 60 seconds until the newly activated firewall works again(this really means everything is now up and running as it should do ),ping from the firewall to the Internet via LAN. Prior to the implementation of OSPF showed a non-measurable results, no ping loss though.</P><P></P><P></P><P>there are two questions at the moment </P><P>1 ) could this problem be solved by upgrading the ASA to 8.4 = already answered</P><P>2 ) any known&nbsp; configuration parameters which we could apply on the router ?</P><P></P><P>also keep in mind</P><P>The standby becomes active almost immediately. Passing packets via that firewall takes that high amount of waiting time. The culprit might be the missing routing data (OSPF update …)</P><P>any advice on the OSPF please?</P><P></P><P>thanks in advance</P><P>Lancellot</P> Tue, 12 Mar 2019 01:16:55 GMT https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141065#M359794 Lance Wendel 2019-03-12T01:16:55Z https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141066#M359795 <HTML><HEAD></HEAD><BODY><P>Hello Lance,</P><P></P><P>I would that 8.4 would be great as we support the exchange of&nbsp; stateful information regarding routing protocols via the stateful link so after an event the secondary unit will take place and start routing as it has built the routing table with the primary unit via the stateful link info <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P>Hope that I could help</P></BODY></HTML> Wed, 20 Mar 2013 17:20:55 GMT https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141066#M359795 Julio Carvajal 2013-03-20T17:20:55Z https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141067#M359796 <HTML><HEAD></HEAD><BODY><P> Hi Jcarvaja</P><P></P><P>thanks for the reply, I have seen the release notes on the Cisco site and also came across the following </P><P>link <A href="http://www.groupstudy.com/archives/ccielab/201210/msg00460.html">http://www.groupstudy.com/archives/ccielab/201210/msg00460.html</A></P><P>which stat once failover it will have a delay of 10sec.</P><P>also found the following link with the bug, hence I am trying to find some tweak on router level</P><P><A href="http://www.gossamer-threads.com/lists/cisco/nsp/161609">http://www.gossamer-threads.com/lists/cisco/nsp/161609</A></P><P></P><P>regards,</P><P>Lancellot</P></BODY></HTML> Wed, 20 Mar 2013 17:32:31 GMT https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141067#M359796 Lance Wendel 2013-03-20T17:32:31Z https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141068#M359797 <HTML><HEAD></HEAD><BODY><P>Hello Lance,</P><P></P><P>Yeahp,</P><P></P><P>Do you see the same behavior after failover happens?</P><P></P><P>Does the OSPF neighorship goes down?</P><P></P><P>Regards,</P></BODY></HTML> Wed, 20 Mar 2013 19:41:50 GMT https://community.cisco.com/t5/network-security/asa-ha-pair-and-ospf-with-router/m-p/2141068#M359797 Julio Carvajal 2013-03-20T19:41:50Z