05-04-2010 12:15 AM - edited 03-11-2019 10:40 AM
Hi All
I have HA for my networks setup ( Active\Standby ) , when my primary ASA fails down or powered off automatically failover replication is happening and my secondary device carrying the traffic . whn i power on back my primary device its nt prempting to active and restoring back to active state,
let me know any commands to be added , else it have any defined time interval so that primary device ll prempt automatically to active state ,
else we do it manually by forcing failover active .
config of primary ASA
failover lan unit primary
failover lan interface failover Ethernet0/2
failover key *****
failover replication http
failover link State Ethernet0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
failover interface ip State 10.10.10.1 255.255.255.0 standby 10.10.10.2
secondary ASA
failover
failover lan unit secondary
failover lan interface failover Ethernet0/2
failover key *****
failover replication http
failover link State Ethernet0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
failover interface ip State 10.10.10.1 255.255.255.0 standby 10.10.10.2
primary device sh failover
lab-asa--01# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover Ethernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
failover replication http
Version: Ours 7.2(4)30, Mate 7.2(4)30
Last Failover at: 10:53:34 IN May 4 2010
This host: Primary - Standby Ready
Active time: 3115 (sec)
slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)
Interface outside (10.127.128.45): Normal
Interface inside (10.125.136.132): Normal
Interface management (0.0.0.0): Link Down (Waiting)
slot 1: empty
Other host: Secondary - Active
Active time: 5933 (sec)
slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)
Interface outside (10.127.128.46): Normal
Interface inside (10.125.136.129): Normal
Interface management (0.0.0.0): Link Down (Waiting)
slot 1: empty
Secondary device failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover Ethernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
failover replication http
Version: Ours 7.2(4)30, Mate 7.2(4)30
Last Failover at: 10:53:34 IN May 4 2010
This host: Secondary - Active
Active time: 5983 (sec)
slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)
Interface outside (10.127.128.46): Normal
Interface inside (10.125.136.129): Normal
Interface management (0.0.0.0): Link Down (Waiting)
slot 1: empty
Other host: Primary - Standby Ready
Active time: 3115 (sec)
slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)
Interface outside (10.127.128.45): Normal
Interface inside (10.125.136.132): Normal
Interface management (0.0.0.0): Link Down (Waiting)
slot 1: empty
Plz suggest here ..
05-04-2010 12:54 AM
ASA Active/Standby failover does not support preemption.
Only ASA Active/Active failover or multicontext mode supports preempt when configured under failover group as follows:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1885649
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1048966