I have a pair of ASA 5585 configured with 2 contexts, C1 & C2,
C1 is active on ASA-1 & C2 is active on ASA-2
i did failover test, ping was initiated to host residing behind ASA-1 in context C1
i powered of ASA-1 then both context became active on ASA-2, however during this failover.i saw 4 ping packets drop...
Is this normal...shoudnt i see lossless failover?
Thanks in Advance
Sine the ICMP is not inspected by default in ASA, it is normal to see the ping drops during failover.
you can try below to configure ICMP inspection and test again
hope this helps
Thanks for the reply Harish,
i have inspect icmp already configured under global policy.
will there wont be any packet loss for TCP connections during failover?
ideally TCP/ UDP states are transferred to the secodary unit hence you should not see any drops. you can get this tested as follows
1.telnet to a device behind ASA before failover
2. do the failover
3.see whether you have the telnet session still active.
I hope you have both failover and state link confogured between the firewalls and they are active