57-7
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 57 Information About High Availability
Stateless (Regular) and Stateful Failover
Table 57-2 list the state information that is and is not passed to the standby unit when Stateful Failover
is enabled.
The following WebVPN features are not supported with Stateful Failover:
• Smart Tunnels
• Port Forwarding
• Plugins
• Java Applets
• IPv6 clientless or Anyconnect sessions
• Citrix authentication (Citrix users must reauthenticate after failover)
Note If failover occurs during an active Cisco IP SoftPhone session, the call remains active because the call
session state information is replicated to the standby unit. When the call is terminated, the IP SoftPhone
client loses connection with the Cisco CallManager. This occurs because there is no session information
for the CTIQBE hangup message on the standby unit. When the IP SoftPhone client does not receive a
response back from the Call Manager within a certain time period, it considers the CallManager
unreachable and unregisters itself.
For VPN failover, VPN end-users should not have to reauthenticate or reconnect the VPN session in the
event of a failover. However, applications operating over the VPN connection could lose packets during
the failover process and not recover from the packet loss.
Table 57-2 State Information
State Information Passed to Standby Unit State Information Not Passed to Standby Unit
NAT translation table The HTTP connection table (unless HTTP
replication is enabled).
TCP connection states The user authentication (uauth) table.
UDP connection states The routing tables. After a failover occurs, some
packets may be lost or routed out of the wrong
interface (the default route) while the dynamic
routing protocols rediscover routes.
The ARP table State information for Security Service Modules.
The Layer 2 bridge table (when running in
transparent firewall mode)
DHCP server address leases.
The HTTP connection states (if HTTP replication
is enabled)
Stateful Failover for phone proxy. When the
active unit goes down, the call fails, media stops
flowing, and the phone should unregister from the
failed unit and reregister with the active unit. The
call must be re-established.
The ISAKMP and IPSec SA table —
GTP PDP connection database —
SIP signalling sessions —
To Next Page
Loading...
Need help?
General
