Welcome to Cisco Firewalls Community


ASA 5585 HA failover..

Hi Guyz,

I have a pair of ASA 5585s configured with 2 contexts, C1 & C2.

C1 is active on ASA-1 & C2 is active on ASA-2.

I did a failover test; a ping was initiated to a host residing behind ASA-1 in context C1.

I powered off ASA-1, then both contexts became active on ASA-2; however, during this failover I saw 4 ping packets drop...

Is this normal... shouldn't I see lossless failover?

Thanks in Advance

Mazhar

ASA 5585 HA failover..

Hello Mazhar,

Since ICMP is not inspected by default on the ASA, it is normal to see the ping drops during failover.

You can try the configuration below to enable ICMP inspection and test again:

policy-map global_policy
 class inspection_default
  inspect icmp

Hope this helps.

Harish.

ASA 5585 HA failover..

Thanks for the reply, Harish.

I have inspect icmp already configured under the global policy.

Will there not be any packet loss for TCP connections during failover?

ASA 5585 HA failover..

Ideally, TCP/UDP states are transferred to the secondary unit, hence you should not see any drops. You can get this tested as follows:

1. Telnet to a device behind the ASA before failover.

2. Do the failover.

3. See whether you still have the telnet session active.

I hope you have both the failover and state links configured between the firewalls and that they are active.

Harish.
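
The telnet test described in the last reply can be automated. The following is an added example, not part of the original thread: it holds one TCP connection open, sends numbered probes across the failover, and reports whether the session survived. It assumes an echo service is reachable on a host behind the ASA; `echo_server` and `probe_session` are hypothetical names, and the local echo server is a constructed stand-in so the script runs offline.

```python
import socket
import threading
import time

def echo_server(host="127.0.0.1"):
    """Constructed stand-in for a host behind the firewall; returns its port."""
    srv = socket.create_server((host, 0))
    def serve():
        conn, _ = srv.accept()
        with conn:
            while data := conn.recv(1024):
                conn.sendall(data)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def probe_session(host, port, probes=10, interval=1.0, timeout=1.0):
    """Send numbered probes over ONE long-lived TCP connection.

    survived=False means the connection was reset or closed mid-test;
    timeouts count probes that were delayed while the session stayed up."""
    res = {"survived": True, "answered": 0, "timeouts": 0, "max_gap": 0.0}
    buf = bytearray()
    with socket.create_connection((host, port), timeout=timeout) as s:
        last_ok = time.monotonic()
        for seq in range(probes):
            try:
                s.sendall(b"%08d" % seq)
                got = -1
                while got < seq:  # skip late echoes of earlier probes
                    while len(buf) < 8:
                        chunk = s.recv(64)
                        if not chunk:
                            raise ConnectionResetError("closed by peer")
                        buf += chunk
                    got, buf = int(buf[:8]), buf[8:]
                now = time.monotonic()
                res["answered"] += 1
                res["max_gap"] = max(res["max_gap"], now - last_ok)
                last_ok = now
            except socket.timeout:
                res["timeouts"] += 1
            except OSError:
                res["survived"] = False
                break
            time.sleep(interval)
    return res

if __name__ == "__main__":
    # Local demo; for a real test point host/port at an echo service behind the ASA.
    print(probe_session("127.0.0.1", echo_server(), probes=5, interval=0.2))
```

Start the probe before triggering the failover and let it run past the switchover; `max_gap` includes the probe interval, so compare it with the interval to estimate the outage.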
