Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

Cisco ASA Failover issue

lordazmodan
Level 1
Level 1

‎04-26-2013 05:27 PM - edited ‎03-11-2019 06:35 PM

Hello guys,

First of all, sorry for my poor english.

Let's see  if anyone can help me out in this one:

I´ve recently configured two Cisco ASA´s 5510 in a failover configuration, I´ve tested everything on my desk connecting the ASA´s trought a HP Switch with no VLAN´s configured, it worked pretty fine.

Later on I´ve depployed the firewalls to the datacenters, connecting them trought a 3COM 4800G Switch, the datacenters are interconnect by FO and it´s basically the same LAN. The 3COM 4800G Switch is configured in a stack, so for the firewalls is like to be connected to the same switch. Unique difference here is that the vlans is set accordingly to the needs.

All interfaces works well, however only the failover interface didn´t... I´ve tried to figure out but wasn´t unable to continue  right now and stayed in doubt about the failover limitations.

After checking out the Cisco documentation I´ve seen that only for serial connection in PIX, there is a distance limitation. In my depployment the firewalls are split from each other for like half mile.

Anyone has any idea why only the failover interface isn´t working well?

Thanks in advance!

Labels:
0 Helpful
2 Replies 2

Ajay Saini
Cisco Employee
Cisco Employee

‎04-30-2013 08:32 PM

You did not mention if you were able to ping across the failover link between the firewalls.

Anyways, please check the following portion from the configuration guide:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html#wp1091647

For optimum performance when using long distance  LAN failover, the latency for the failover link should be less than 10  milliseconds and no more than 250 milliseconds. If latency is more  than10 milliseconds, some performance degradation occurs due to  retransmission of failover messages.

-

HTH

AJ

0 Helpful

lordazmodan
Level 1
Level 1
In response to Ajay Saini

‎05-01-2013 05:45 AM

Hello Ajay,

I´ve managed to figure out what it was causing a failover disruption. The 3COM switch had his port configured as trunk with untagging in the proper vlan, however wasn´t working properly until I changed the port link type to ACCESS in the same vlan.

Since them the ASA´s were able to find each other and exchange failover info.

Thanks for the support!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card