01-19-2012 06:38 AM - edited 03-11-2019 03:16 PM
ASA failover: is it possible to use an Ethernet cable to connect the appliances directly, without the need for an external switch, on an ASA 5510? Please help me on this ...
01-19-2012 07:20 AM
Sure, a direct Ethernet cable between the two units' designated failover interfaces works fine. Cisco recommends via a switch but it's not required.
01-19-2012 09:21 AM
Hello Anand,
Yes, you can use an Ethernet cable to connect both devices. You will find that Cisco recommends a switch, but this is because it makes troubleshooting so much easier when you are having an issue with the failover interface.
Hope this helps, any other question just let me know.
Julio
Rate helpful posts!
01-19-2012 09:34 AM
Thank you. I configured the ASA and it's working fine: one is active and the other one is standby. Please let me know.
FW1:
sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 110 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 09:09:46 UTC Jan 19 2012
This host: Primary - Active
Active time: 1283 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface inside (10.90.140.2): Normal (Waiting)
Interface management (192.168.1.2): No Link (Waiting)
slot 1: empty
Other host: Secondary - Standby Ready
Active time: 1818 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface inside (0.0.0.0): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
slot 1: empty
Stateful Failover Logical Update Statistics
Link : Unconfigured.
FW2:
sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 110 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 09:09:38 UTC Jan 19 2012
This host: Secondary - Standby Ready
Active time: 1818 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface inside (0.0.0.0): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
slot 1: empty
Other host: Primary - Active
Active time: 1437 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface inside (10.90.140.2): Normal (Waiting)
Interface management (192.168.1.2): No Link (Waiting)
slot 1: empty
Stateful Failover Logical Update Statistics
Link : Unconfigured.
------------------------------------------------------------------------------------------
Dhiv.....
01-19-2012 09:37 AM
Hello Anand,
Yep, the failover cluster is up and running. As you can see, on the inside interface the state is Normal (Waiting); that means the hello packets for the failover monitoring are not being exchanged, just FYI.
Regards,
Julio
Do rate helpful posts!
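As an added example (not part of the original thread and not Cisco tooling): a small Python check that reads `sh failover` output like the one posted above and lists the conditions discussed here, namely monitored interfaces in a (Waiting) state, interfaces shown with address 0.0.0.0, and an unconfigured stateful failover link. The function name `check_failover` and the excerpted `SAMPLE` are constructed for illustration.

```python
import re

# Excerpt of the FW1 "sh failover" output posted earlier in this thread.
SAMPLE = """\
Failover On
Failover unit Primary
Failover LAN Interface: failover Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
This host: Primary - Active
Interface inside (10.90.140.2): Normal (Waiting)
Interface management (192.168.1.2): No Link (Waiting)
Other host: Secondary - Standby Ready
Interface inside (0.0.0.0): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
Stateful Failover Logical Update Statistics
Link : Unconfigured.
"""

HOST = re.compile(r"^(This|Other) host: (\w+) - (.+)$")
# Matches e.g. "Interface inside (10.90.140.2): Normal (Waiting)"
IFACE = re.compile(r"^Interface (\S+) \(([\d.]+)\): (.+?)(?: \((\w+)\))?$")

def check_failover(text):
    """Return a list of findings for one unit's 'show failover' output."""
    findings, host = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line == "Failover Off":
            findings.append("failover is disabled")
        elif m := HOST.match(line):
            host = f"{m.group(2)} ({m.group(3)})"
        elif m := IFACE.match(line):
            name, ip, state, note = m.groups()
            if ip == "0.0.0.0":
                findings.append(f"{host}: {name} is shown with address 0.0.0.0")
            # Per the reply above, (Waiting) means the monitoring
            # hello packets are not being exchanged on that interface.
            if note == "Waiting":
                findings.append(f"{host}: {name} is {state} (Waiting)")
        elif line.startswith("Link :") and "Unconfigured" in line:
            findings.append("stateful failover link is unconfigured")
    return findings

if __name__ == "__main__":
    for finding in check_failover(SAMPLE):
        print("-", finding)
```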
01-19-2012 11:13 AM
In this configuration the two ASA hostnames are showing the same, even when I change them. Then one more question: how much time will it take to fail over? Can we change the time? Thanks a lot.
01-19-2012 12:56 PM
Anand
In a failover pair the ASAs share a single configuration file and it is normal that both devices will share the same host name.
If you have given them different names then would I be correct in understanding that you went into the standby ASA and made a config change to its name? (if you made a change on the primary ASA it should sync the config to the backup and bring the names back to the same) If you have done this I would assume that it is a temporary change. At some point there will be an event which causes the primary ASA to sync the config files and when that happens it should make the host names the same again.
In my experience the failover is very quick. I assume that the timing may vary some depending on how the failover is initiated. We have tested failover using the software command and that failover is very fast. We have tested failover by failing power on the primary ASA and that failover is also very fast. If the failure were based on an interface failure then I assume that the timing of the failover would depend on how long it took to recognize and react to the interface failure - and there is some flexibility in those timers.
HTH
Rick
01-19-2012 01:31 PM
Hello Anand,
Just to add to what Richard has mentioned, the failover polltime (how often the failover pair exchanges the hello packets to check if the other unit is active) is one second. You can configure a sub-second failover (polltime: less than one second) to make it even faster; of course, that will mean more traffic being sent on each interface being monitored.
Just for you to know.
Regards,
Julio