Hi,

I manage a pair of ASAs (8.4 asdm 6.4) and am having trouble with traffic going thru a tunnel.  It was recommended to me that perhaps a reboot is in order.  I found the instructions at http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/admin_swconfig.html#wp1355970 (which I followed without actually upgrading the IOS, as all I wanted was both devices to reboot - one at at time without causing connection resets) but when I attempted it, the device that rebooted was always the same IP.  My question is at step  3 "when standby unit has finished reloading and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the following command on the active unit.

active# no failover active

But there is a note "Use show failover command to verify that the standby unit is in the standby ready state"  which I did. 

This is the result of show failover from the 0.5 (primary) unit BEFORE issuing no failover active:

Last Failover at: 05:32:10 EST Feb 9 2012

        This host: Primary - Active

                Active time: 3732124 (sec)

                slot 0: ASA5510 hw/sw rev (2.0/8.4(3)) status (Up Sys)

                  Interface management (192.168.200.249): No Link (Not-Monitored)

                  Interface outside (63.146.180.5): Normal (Monitored)

                  Interface inside (172.16.0.5): Normal (Monitored)

                  Interface DBDMZ (192.168.60.5): Normal (Monitored)

                  Interface WEBDMZ (192.168.50.5): Normal (Monitored)

                slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)

        Other host: Secondary - Standby Ready

                Active time: 0 (sec)

                slot 0: ASA5510 hw/sw rev (2.0/8.4(3)) status (Up Sys)

                  Interface management (0.0.0.0): Normal (Not-Monitored)

                  Interface outside (63.146.180.6): Normal (Monitored)

                  Interface inside (172.16.0.6): Normal (Monitored)

                  Interface DBDMZ (192.168.60.6): Normal (Monitored)

                  Interface WEBDMZ (192.168.50.6): Normal (Monitored)

                slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)

So far so good.  Then I entered (on the PRIMARY-ACTIVE unit) the command no failover active and I got the following:

NMEC-ASA5510-COLOVA# sho failover

Failover On

Failover unit Secondary

Failover LAN Interface: failover Ethernet0/0 (up)

Unit Poll frequency 500 milliseconds, holdtime 3 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 110 maximum

Version: Ours 8.4(3), Mate 8.4(3)

Last Failover at: 11:02:26 EDT Mar 23 2012

        This host: Secondary - Active

                Active time: 140 (sec)

                slot 0: ASA5510 hw/sw rev (2.0/8.4(3)) status (Up Sys)

                  Interface management (192.168.200.249): No Link (Not-Monitored)

                  Interface outside (63.146.180.5): Normal (Monitored)

                  Interface inside (172.16.0.5): Normal (Monitored)

                  Interface DBDMZ (192.168.60.5): Normal (Monitored)

                  Interface WEBDMZ (192.168.50.5): Normal (Monitored)

                slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)

        Other host: Primary - Standby Ready

                Active time: 3732178 (sec)

                slot 0: ASA5510 hw/sw rev (2.0/8.4(3)) status (Up Sys)

                  Interface management (0.0.0.0): Normal (Not-Monitored)

                  Interface outside (63.146.180.6): Normal (Monitored)

                  Interface inside (172.16.0.6): Normal (Monitored)

                  Interface DBDMZ (192.168.60.6): Normal (Monitored)

                  Interface WEBDMZ (192.168.50.6): Normal (Monitored)

                slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)

  Thinking all was well, I now issued (from the same 172.16.0.5 unit) the reload command.  Unfortunately my continuous pings to .0.5 and .0.6 show that 0.6 rebooted AGAIN!?! 

Can someone tell me what I am doing wrong? 

Thanks,

Sue