cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12549
Views
10
Helpful
3
Replies

ASA HA ACTIVE\FAILOVER , Primary device in nt preempting to active

Hi All

             I have HA for my networks setup ( Active\Standby ) , when my primary ASA fails down or powered off  automatically failover replication is happening and my secondary device carrying the traffic . whn i power on back my primary device its nt prempting to active and restoring back to active state,

              let me know any commands to be added , else it have any defined time interval so that primary device ll prempt automatically to active state ,

else we do it manually by forcing failover active .

config of  primary ASA

failover lan unit primary

failover lan interface failover Ethernet0/2

failover key *****

failover replication http

failover link State Ethernet0/3

failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2

failover interface ip State 10.10.10.1 255.255.255.0 standby 10.10.10.2

secondary ASA

failover

failover lan unit secondary

failover lan interface failover Ethernet0/2

failover key *****

failover replication http

failover link State Ethernet0/3

failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2

failover interface ip State 10.10.10.1 255.255.255.0 standby 10.10.10.2

primary device sh failover

lab-asa--01# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: failover Ethernet0/2 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

failover replication http

Version: Ours 7.2(4)30, Mate 7.2(4)30

Last Failover at: 10:53:34 IN May 4 2010

This host: Primary - Standby Ready

Active time: 3115 (sec)

slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)

Interface outside (10.127.128.45): Normal

Interface inside (10.125.136.132): Normal

Interface management (0.0.0.0): Link Down (Waiting)

slot 1: empty

Other host: Secondary - Active

Active time: 5933 (sec)

slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)

Interface outside (10.127.128.46): Normal

Interface inside (10.125.136.129): Normal

Interface management (0.0.0.0): Link Down (Waiting)

slot 1: empty

Secondary device failover

Failover On

Failover unit Secondary

Failover LAN Interface: failover Ethernet0/2 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

failover replication http

Version: Ours 7.2(4)30, Mate 7.2(4)30

Last Failover at: 10:53:34 IN May 4 2010

This host: Secondary - Active

Active time: 5983 (sec)

slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)

Interface outside (10.127.128.46): Normal

Interface inside (10.125.136.129): Normal

Interface management (0.0.0.0): Link Down (Waiting)

slot 1: empty

Other host: Primary - Standby Ready

Active time: 3115 (sec)

slot 0: ASA5510 hw/sw rev (2.0/7.2(4)30) status (Up Sys)

Interface outside (10.127.128.45): Normal

Interface inside (10.125.136.132): Normal

Interface management (0.0.0.0): Link Down (Waiting)

slot 1: empty

Plz suggest here ..

3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

ASA Active/Standby failover does not support preemption.

Only ASA Active/Active failover or multicontext mode supports preempt when configured under failover group as follows:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1885649

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1048966