Showing results for 
Search instead for 
Did you mean: 


lan connection timeout after ASA reload

hi guys

i have 2 asa 5520 HA .

i have a problem ..

whenever reload this asa my lan users for tcp and udp and icmp  connection is time out , and i force restart users pc , and after restart ok ...

but without restart my connection timeout


please help .


Jouni Forss



Sounds to me like Statefull Failover is not in use? I mean that the Active firewall is not passing the connection state information to the Standby firewall so it will have all the up to date information about the connections on the Active unit.


You can always log into the Standby unit and issue the "show conn" command and see if there are any connections listed on that unit, IF not then the unit is not received the state information and when the Failover happens every connection formed through the Active ASA has to be formed again by the users/servers.


You can always share your Failover configuration. You can use the command "show run failover" on both ASAs to list the Failover configuration.


Hope this helps :)


- Jouni

i check failover configuration ,,, i think its ok configuration ,,

i attach to u my configuraton



It seems to suggest somekind of problem between the ASA firewalls as the "comm failure" is listed.


What does the "show failover" command show?


Have you checked both the GigabitEthernet0/2 and GigabitEthernet0/3 links on both units and the network between the ASA units through those interfaces? I think you should go through those interfaces and the network segment between the ASAs and confirm that there is a working Failover/Statefull link between the ASAs.


Did you log into the Standby ASA and check the output of "show conn". If you got connections active through the Active ASA and the Standby ASA does not have anything in its connection table then you have a problem with the Failover setup.


- Jouni



Recognize Your Peers
Content for Community-Ad