From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Sun Nov 30 2008 - 13:16:47 ARST
I'd second the advice to go for 8.0(4) first.
I have a failover pair of 5510 units but on 7.2(4) code, works fine when switching back and forth BTW.
A.
________________________________________
From: nobody@groupstudy.com [nobody@groupstudy.com] On Behalf Of Yahoo! [satandaemon@yahoo.com]
Sent: Saturday, November 29, 2008 2:43 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: ASA Failover
GS,
I've a problem with VPN failover on ASA (active/passive),
it works during failover from primary to secondary but when i test it by turning off secondary, every thing works but site to site VPNs, i've recent IOS code, show failover history doesn't show anything valuable,
tunnels can not establish even by clearing SA, i have to reload, it cant be IPS ssm cause it works from primary to secondary and having same config...
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
failover replication http
Version: Ours 8.0(3)6, Mate 8.0(3)6
Last Failover at: 12:41:18 UTC Nov 28 2008
This host: Primary - Active
Active time: 64098 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.0(3)6) status (Up Sys)
Interface outside : Normal
Interface wan : Normal
Interface dmz : Normal
Interface management : Normal
slot 1: ASA-SSM-40 hw/sw rev (1.0/6.0(4)E1) status (Up/Up)
IPS, 6.0(4)E1, Up
Other host: Secondary - Standby Ready
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST