https://community.cisco.com/t5/network-security/asa-failover-problem/m-p/489497#M427578 <P>Hi! I have two ASA 5520 with AIP-SSM Module. I have configured stateful failover and I `ve got two questions. </P><P>1. When I power off the primary failover unit I loose contact with the firewall about 10 seconds,(I don`t think this is normal when you use virtual mac address) and it is the same problem when I power off the secondary unit. I am not sure if I have configured virtual mac address correct. </P><P>2. Can the ip address at the AIP-SSM be the same (I have read that they are NOT involved in the failover function) or do it have to be different addresses?</P><P>Does anyone know the answers to this I would be very grateful. Below is the failover configuration of the primary unit. The second unit was configured exactly the same apart from command &#147;failover lan unit&#148;</P><P></P><P>interface GigabitEthernet0/1</P><P> description LAN/STATE Failover Interface</P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover_interface GigabitEthernet0/1</P><P>failover key *****</P><P>failover replication http</P><P>failover mac address GigabitEthernet0/0 7889.7889.9990 7889.7889.9991</P><P>failover mac address GigabitEthernet0/2 7889.7889.8880 7889.7889.8881</P><P>failover mac address GigabitEthernet0/3 7889.7889.7770 7889.7889.7771</P><P>failover link failover_interface GigabitEthernet0/1</P><P>failover interface ip failover_interface 172.29.20.1 255.255.255.0 standby 172.29.20.2</P><P></P><P>/Regards</P><P></P><P></P> Fri, 21 Feb 2020 08:40:27 GMT cisco7889 2020-02-21T08:40:27Z https://community.cisco.com/t5/network-security/asa-failover-problem/m-p/489497#M427578 <P>Hi! I have two ASA 5520 with AIP-SSM Module. I have configured stateful failover and I `ve got two questions. </P><P>1. When I power off the primary failover unit I loose contact with the firewall about 10 seconds,(I don`t think this is normal when you use virtual mac address) and it is the same problem when I power off the secondary unit. I am not sure if I have configured virtual mac address correct. </P><P>2. Can the ip address at the AIP-SSM be the same (I have read that they are NOT involved in the failover function) or do it have to be different addresses?</P><P>Does anyone know the answers to this I would be very grateful. Below is the failover configuration of the primary unit. The second unit was configured exactly the same apart from command &#147;failover lan unit&#148;</P><P></P><P>interface GigabitEthernet0/1</P><P> description LAN/STATE Failover Interface</P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover_interface GigabitEthernet0/1</P><P>failover key *****</P><P>failover replication http</P><P>failover mac address GigabitEthernet0/0 7889.7889.9990 7889.7889.9991</P><P>failover mac address GigabitEthernet0/2 7889.7889.8880 7889.7889.8881</P><P>failover mac address GigabitEthernet0/3 7889.7889.7770 7889.7889.7771</P><P>failover link failover_interface GigabitEthernet0/1</P><P>failover interface ip failover_interface 172.29.20.1 255.255.255.0 standby 172.29.20.2</P><P></P><P>/Regards</P><P></P><P></P> Fri, 21 Feb 2020 08:40:27 GMT https://community.cisco.com/t5/network-security/asa-failover-problem/m-p/489497#M427578 cisco7889 2020-02-21T08:40:27Z https://community.cisco.com/t5/network-security/asa-failover-problem/m-p/489498#M427580 <HTML><HEAD></HEAD><BODY><P>To log in to AIP SSM from ASA, follow these steps: </P><P></P><P>Step 1 Log in to ASA. </P><P>If ASA is operating in multi-mode, use the change system command to get to the system level prompt before continuing. -</P><P></P><P>Step 2 Session to AIP SSM: </P><P>asa# session 1</P><P>Step 3 Type your username and password at the login prompt: </P><P>The default username and password are both cisco. You are prompted to change them the first time you log in to AIP SSM. You must first enter the UNIX password, which is cisco. Then you must enter the new password twice. </P></BODY></HTML> Tue, 31 Jan 2006 21:19:42 GMT https://community.cisco.com/t5/network-security/asa-failover-problem/m-p/489498#M427580 owillins 2006-01-31T21:19:42Z