Hi ,

am useing firewall ASA 5500 Version 8.2

infact there is an error is apperaing in firewall which is ( WARNING: Failover enabled but the failover interface configuration is incomplete Failover will not take effect until the interface is fully configured)

You would need to share your configuration for us to know what config is missing.

What type of failover are you trying to configure? stateful or stateless failover?

Yes, you are missing 1 line of configuration, hence you are getting that error message about incomplete failover configuration.

Here is what needs to be configured for failover to be functional:

failover lan interface GigabitEthernet0/2

Hope this helps.

thanks ,

but how to conifgure this failover in the firewall i mean what is the steps becouse i am not good at the firewall configuration i am afraid to do something wrong & if i do this what will happened !!?

and please tell me how to disable the SLL VPN .

thanks,

thanks so much it helps .

would please see the below status of failover , i have done the step which tell me , but still it shows warring

Failover On
Failover unit Primary
Failover LAN Interface: not Configured
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 8.2(1), Mate Unknown
Last Failover at: 19:47:19 MSK/MDD Jul 8 2010
This host: Primary - Disabled
  Active time: 0 (sec)
  slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
    Interface outside (85.154.241.134): Normal (Waiting)
    Interface inside (10.10.1.1): Normal (Waiting)
    Interface state (0.0.0.0): Normal (Waiting)
    Interface MGMT (192.168.150.6): Normal (Waiting)
  slot 1: ASA-SSM-20 hw/sw rev (1.0/6.2(1)E3) status (Up/Up)
    IPS, 6.2(1)E3, Up
Other host: Secondary - Not Detected
  Active time: 0 (sec)
  slot 0: empty
    Interface outside (85.154.241.132): Unknown (Waiting)
    Interface inside (10.10.1.2): Unknown (Waiting)
    Interface state (0.0.0.0): Unknown (Waiting)
    Interface MGMT (0.0.0.0): Unknown (Waiting)
  slot 1: empty

Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/2 (down)
Stateful Obj  xmit       xerr       rcv        rerr     
General  0          0          0          0        
sys cmd   0          0          0          0        
up time   0          0          0          0        
RPC services   0          0          0          0        
TCP conn  0          0          0          0        
UDP conn  0          0          0          0        
ARP tbl   0          0          0          0        
Xlate_Timeout   0          0          0          0        
VPN IKE upd  0          0          0          0        
VPN IPSEC upd  0          0          0          0        
VPN CTCP upd  0          0          0          0        
VPN SDI upd  0          0          0          0        
VPN DHCP upd  0          0          0          0        
SIP Session  0          0          0          0        

Logical Update Queue Information
     Cur  Max  Total
Recv Q:  0  0  0
Xmit Q:  0  0  0

SMC-ADMIN-FW-ASA-5520#
WARNING: Failover enabled but the failover interface configuration is incomplete
Failover will not take effect until the interface is fully configured

Please kindly ensure that gig0/2 is connected on both Primary and Secondary ASA firewall.

At this stage, the status is "Link : failover GigabitEthernet0/2 (down)"

Please share the output of the following from both Primary and Secondary ASA firewall:

show run failover

this is the out put of show failover for the first firewall

failover

failover lan unit primary

failover key *****

failover link failover GigabitEthernet0/2

failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2

this is the failover for the second firewall

SMC-ADMIN-FW-ASA-5520# show run fail

SMC-ADMIN-FW-ASA-5520# show run failover
no failover

& there is no cable between the two device on the port Gigabit Ethernet 0/2

Well, failover will not work if there is no cable between the 2 firewalls, and looks like the secondary firewall has also not been configured with the failover configuration.

To resolve this failover issue, the following must be

1) The failover interface on the firewall needs to be connected, either directly connected or via a switch. This will ensure that the firewall can communicate the failover messages over this interface. In your case, gig0/2 has been configured as the failover interface.

2) Once the cable has been connected, then you would need to configure and enable failover on the second firewall. Configuration is as follows:

ailover lan unit secondary

failover key

failover link failover GigabitEthernet0/2

failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2

failover

Hope this helps.

Just wanted to point out some people prefer not posting their usernames and public ip address on forums like this. You may also reach the same conclusion someday.

thanks for your attention , i will be be careful next time