Solved: Tried that, and it works as

ahmad82pkn · ‎03-01-2016

Hi, What happens when Cisco ASA Cross Failover Cable connected back to back between two ASA gets disconnected?

Will both become Active ?

if so how ARP will work? like from which ASA Traffic will pass?

i assume traffic will start dropping ? as both would be trying to retain primary IP considering them selves as Primary host active?

any explanation would be helpful.

Marius Gunnerud · ‎03-02-2016

When you say cross failover cable I am assuming you mean a crossover cable that you are using to connect the Active and Standby ASAs directly?

If so, then no traffic will not stop passing and the ASA's will still be in Active / Standby, so long as the interfaces connected to the LAN are opperational.

When the failover link goes down, the ASA sends keepalive packets out the monitored interfaces on the ASA to see if it really has lost connectivity with its peer. If connectivity is still there through the LAN interfaces then failover will not occur.

Now if none of the interfaces are "monitored" then you will end up having a split-brain situation.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Aditya Ganjoo · ‎03-02-2016

Hi Ahmad,

Yes in that case both the ASA's would act as active.

The fact that due to split brain both ASA, thinking of them as being the master, will be responding to the ARP requests with the same MAC address causing a MAC flapping in the network.

When you use a crossover cable for the LAN failover link, if the LAN interface fails, the link is brought down on both peers. This condition may hamper troubleshooting efforts because you cannot easily determine which interface failed and caused the link to come down.

Regards,

Aditya

Please rate helpful posts.

Marius Gunnerud · ‎03-02-2016