Which trigger a cisco ASA unit to be failed. The primary firewall was acting the active role and secondary was acting the standby role. On failure of one interface in the primary firewall, the unit was declared as failed and secondary firewall automatically switchover to the active role. In this scenario failover worked as expected but don't know why the primary unit was declared as failed in one interface failure.
I would like to know whether failure of single link connected to a interface makes the unit fail.If not what is the number of interface should be down to be a unit failed.
That is all controlled with the failover-commands. With "show failover" you can see the actual settings of your ASA.
The options are described in the config-guide:
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
The unit can fail in condition of too many monitored interfaces fail but in my case only one monitored interface is fail.But don't know why unit is showing failed.
what happened here is that we :
stopped receiving HA helloes on that interface
started interface testing as mentioned below :
then the interface marked as failed and failover happened . and notice that the default is to failover if we have one failed interface.
An interface check is always done by both the units in failover through hello packets exchange, failover would occur if
1) a monitored interface fails
2) the standby unit gets to know that it's peer has less active interfaces than it currently has n since it has more active interfaces, it becomes active.
I think 2nd option applies to ur case
Sent from Cisco Technical Support iPhone App