Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
971
Views
0
Helpful
5
Replies

EIGRP over Stateful Failover Link

Mitchell Theriot
Level 1
Level 1

‎08-15-2013 06:04 AM - edited ‎03-11-2019 07:26 PM

We have two ASA's in Active/Standby mode.  We were using static routing on the ASA to reach the subnets off the inside interface but decided to switch over to EIGRP.   I got EIGRP working on the active unit but when I removed the static routes from the firewall we lost connectivity to the standby unit.  I added the routes back so that I could access it and I noticed that the EIGRP routes were not being learned by the standby unit.  After researching this I found out this is due to us not having a stateful link configured in our failover.  After configuring this link the standby unit was now seeing dynamic routes so I again attempted to remove the static routes from the active unit.  Once again I lost connection to the standby because once the static was removed the standby did not populate it's routing table with the dynamic equivalent route.  Here is the process I had to go through to get it to work:

1. Add the static route back to the configuration.

2.Remove the stateful failover link

3. Delete the static route.

4. Add the stateful failover liink back.

When I did this the dynamic route was in the routing table on the standby.  Why does the standby unit not update its routing table properly when a stateful link is configured?  If there is another static route we want to remove because of an equivalent dynamic route being in the topology table, we have to first remove the stateful link before we delete it.                  

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2013 09:46 AM

What ASA software version are you running? Stateful failover support for dynamic routing protocols was only introduced as of 8.4(1). (Release notes)

0 Helpful

Mitchell Theriot
Level 1
Level 1
In response to Marvin Rhoads

‎08-15-2013 10:41 AM

We are running version 8.6 (1) 2

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mitchell Theriot

‎08-15-2013 10:54 AM

Hmm, 8.6(1) is based off the feature set in 8.4(2) so it should be supported. I don't see any open caveats published in the release notes for later versions that would apply.

I didn't ask earlier - are you running a single context?

0 Helpful

Mitchell Theriot
Level 1
Level 1
In response to Marvin Rhoads

‎08-15-2013 11:36 AM

Yes we are running single context mode

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mitchell Theriot

‎08-15-2013 11:49 AM

Well then all of the obvious solutions seem to be addressed. TAC time?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card