05-17-2010 11:03 PM - edited 03-11-2019 10:46 AM
Dear all,
I encoured stateful issue in a ASA 5520 architecture displayed on the drawing attached.
This is a LAN based active/standby failover link between a pair of ASA5520 (version 8(0)4). Stateful and failover use the same ethernet link (dedeicated VLAN).
To test this architecture, I have lanch a FTP tansfert between trust and untruct zone. During the trnasfer I shutdown the Unit Primary.
è The failover seems to work properly
è The stateful doesn’t work properly becaise my FTP transfert is closed (see attachment)
Find below my configuration :
interface GigabitEthernet0/0
description LAN Interface
speed 1000
duplex full
nameif outside
security-level 0
ip address 10.192.154.126 255.255.255.248 standby 10.192.154.125
!
interface GigabitEthernet0/1
description ToIP Server Interface
speed 1000
duplex full
nameif inside
security-level 100
ip address 10.192.154.30 255.255.255.224 standby 10.192.154.29
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
description LAN/STATE Failover Interface
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
Unit Primary :
failover
failover lan unit primary
failover lan interface ASA_Failover GigabitEthernet0/3
failover key *****
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109
Unit Secondary
failover
failover lan unit secondary
failover lan interface ASA_Failover GigabitEthernet0/3
failover key *****
failover link ASA_Failover GigabitEthernet0/3
failover interface ip ASA_Failover 10.192.154.110 255.255.255.252 standby 10.192.154.109
Find also in attachment the result displayed by « sh failover »
Anyone have an ideao of what is wrong in my configuration. My goal is to have no impact oin the current TCP/UDP session when the primary unit failed.
Thanks for your help
Regards,
Hervé
05-18-2010 12:52 AM
Hi,
Try with "failover lan enable" on primary and secondary.
Best regards.
Massimiliano.
05-18-2010 02:17 AM
In addition You've to define an interface
"state"...
I hope this helps.
Best regards.
Massimiliano.
05-19-2010 12:29 AM
Hi,
Thanks for your help.
The issue is solved.
It was only a problem with DOS ftp client.
With filezilla the stateful works properly.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide