Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
3
Replies

ASA 8.4(4) failover issue

Go to solution
zyontrific
Level 1
Level 1

‎03-11-2013 05:37 AM - edited ‎03-11-2019 06:12 PM

Hi,

We have just tested a failover configuration which fortunately we did on some test devices first as the following happened:

Failover configuration:

!ASA-1
failover lan unit primary
failover lan interface folink GigabitEthernet0/2
failover link folink GigabitEthernet0/2
failover interface ip folink 172.31.1.1 255.255.255.252 standby 172.31.1.2
failover


!ASA-2
failover lan interface folink GigabitEthernet0/2
failover interface ip folink 172.31.1.1 255.255.255.252 standby 172.31.1.2
failover lan unit secondary
failover

      

The issue was even though we have stated which is primary and which is secondary the replication of the configuration went from the Secondary to the Primary and not the other way round. So the device with no configuration has overwritten the device with the configuration. Is this a known issue? Seems pointless having the primary and secondary options if it uses another way to determine which way to replicate. We need to know why this happened before we do it on our production devices.

Any help would be appreciated.

Regards,

Z

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-11-2013 05:42 AM

The configuration replication doesn't go from Primary to Secondary, it goes from Active to Standby unit. You always have to ensure that you have the correct configuration on the Active unit of the firewall.

Here is the config guide for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_active_standby.html#wp1079460

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-11-2013 05:42 AM

The configuration replication doesn't go from Primary to Secondary, it goes from Active to Standby unit. You always have to ensure that you have the correct configuration on the Active unit of the firewall.

Here is the config guide for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_active_standby.html#wp1079460

0 Helpful

Go to solution
zyontrific
Level 1
Level 1
In response to Jennifer Halim

‎03-11-2013 06:18 AM

Thanks Jennifer - my misunderstanding of the primary/secondary settings. At least we did it in test first.

Regards,

Z

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to zyontrific

‎03-11-2013 06:20 AM

No problem.

You are on the right track, it's always good to test it first (won't look too good in production).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card