Solved: Increase poll and hold timer on active/standby failover link - ASA

jasonku · ‎02-09-2023

We are currently using the ASA active/standby mode, but ASA randomly failover due to missed hellos on the failover link. Our current timer is 200ms poll and 800ms hold. I want to increase the timer. Do I need to update the timer on both active and standby ASAs or just need to update on active unit then it will sync the new timer? Is it going to create any downtime or short outage when I make the change on the timer?

Thank you!

This is the some output of "show failover history" command.

04:15:10 CST Feb 9 2023
Cold Standby Just Active HELLO not heard from peer
(failover link up, no response from peer)

04:15:11 CST Feb 9 2023
Just Active Active Drain HELLO not heard from peer
(failover link up, no response from peer)

04:15:11 CST Feb 9 2023
Active Drain Active Applying Config HELLO not heard from peer
(failover link up, no response from peer)

04:15:11 CST Feb 9 2023
Active Applying Config Active Config Applied HELLO not heard from peer
(failover link up, no response from peer)

04:15:11 CST Feb 9 2023
Active Config Applied Active HELLO not heard from peer
(failover link up, no response from peer)

==========================================================================

balaji.bandi · ‎02-09-2023

Changing timers not cause any issue, but make sure you make necessary timers as required, I would also check the Layer 2 link as stable.

as I had same issue change to as below for stability : (change according to your needs and monitor)

failover polltime interface msec 500 holdtime 5

some reference guide for timers.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/ha-failover.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎02-09-2023