
The pix failover time

tiandong_wu
Level 1

The PIX failover switching time is too long. Why do no Cisco documents give the time?

4 Replies

a.kiprawih
Level 7

Hi,

I think you can speed up the failover poll to 3 seconds. Default is 5. But other stuff, such as the failover tests for NIC status, network activity, ARP and ping, is still there.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html

Rgds,

AK

I have configured the poll to 3 seconds, but the switchover time is still too long for our application, and up to 20 ICMP packets will be lost; all applications have to be reinitialized.

Hi .. make sure the switchports where the PIXes' interfaces are connected are configured as portfast. In that way, if the failover occurs, the port changes to forwarding state immediately .. otherwise it will wait for about 30 seconds before transmitting data. Also, if you are using LAN based failover .. remember that even though it overcomes the 6 feet distance limitation compared to serial cable, it is slower. Also make sure you have configured stateful failover as well - failover link - If using LAN based failover it is recommended you use a dedicated interface.

Please rate if you find this info useful

Hi,

I'm currently fiddling with two ASA-5520 boxes, with 7.1(2)7, tied together via LAN stateful failover. I modified the parameter "failover polltime interface 3", but still, when I disconnect the ethernet cable from an interface of the active ASA, it takes 10-12 secs for the cluster to switch to the standby ASA. This time seems to be too high ... Has anybody reached a better time in LAN based failover?

And the second question -- during this failover, an admin connection (telnet, ssh) from the inside segment to the inside interface is broken and must be reestablished. I expected the connection to survive. Why doesn't it? Is it due to the fact that stateful failover does not transfer user auth info between boxes?

Thanks,

ixf
