Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
920
Views
0
Helpful
2
Replies

ASA5510 H/A Active Stand By

Go to solution
Ahmad Khalifa
Level 1
Level 1

‎02-08-2014 02:38 AM - edited ‎03-11-2019 08:42 PM

Hello

     i just wannan be Sure About the ASA H/A behavior when is failover

     i have 2 Unit ASA5510 Security plus running on Active Stand by , and on the Unit itself i configure 2 Redundant Interfaces so one is active and the      other one remain Stand by, so when the priamry unit Mintoration see that one of the one of the Redundant Interface is Fail do is it switch to the      Secondary interface or its atcive the Stand by Unit based on the Primary interface to be Acive.

     check the Attached file to Gain more information about my Design

Labels:
Preview file
197 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-08-2014 03:36 AM

Ahmad

If the active redundant interface fails then the backup interface on the active firewall takes over. It does not trigger a failover to the standby ASA. Only when both interfaces have failed on the active firewall will it fail over to the standby firewall. From the 8.4 and later configuration guide -

You can monitor redundant or EtherChannel interfaces for failover using the monitor-interface command; be sure to reference the logical redundant interface name. When an active member interface fails over to a standby interface, this activity does not cause the redundant or EtherChannel interface to appear to be failed when being monitored for device-level failover. Only when all physical interfaces fail does the redundant or EtherChannel interface appear to be failed (for an EtherChannel interface, the number of member interfaces allowed to fail is configurable).

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1326437

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-08-2014 03:36 AM

Ahmad

If the active redundant interface fails then the backup interface on the active firewall takes over. It does not trigger a failover to the standby ASA. Only when both interfaces have failed on the active firewall will it fail over to the standby firewall. From the 8.4 and later configuration guide -

You can monitor redundant or EtherChannel interfaces for failover using the monitor-interface command; be sure to reference the logical redundant interface name. When an active member interface fails over to a standby interface, this activity does not cause the redundant or EtherChannel interface to appear to be failed when being monitored for device-level failover. Only when all physical interfaces fail does the redundant or EtherChannel interface appear to be failed (for an EtherChannel interface, the number of member interfaces allowed to fail is configurable).

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1326437

Jon

0 Helpful

Go to solution
Ahmad Khalifa
Level 1
Level 1
In response to Jon Marshall

‎02-08-2014 04:55 AM

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card