EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1204 background imageLoading...
Page #1204 background image
57-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 57 Information About High Availability
Failover Feature/Platform Matrix
If an interface has only IPv6 addresses configured on it, then the adaptive security appliance uses IPv6
neighbor discovery instead of ARP to perform the health monitoring tests. For the broadcast ping test,
the adaptive security appliance uses the IPv6 all nodes address (FE02::1).
If all network tests fail for an interface, but this interface on the other unit continues to successfully pass
traffic, then the interface is considered to be failed. If the threshold for failed interfaces is met, then a
failover occurs. If the other unit interface also fails all the network tests, then both interfaces go into the
“Unknown” state and do not count towards the failover limit.
An interface becomes operational again if it receives any traffic. A failed adaptive security appliance
returns to standby mode if the interface failure threshold is no longer met.
Note If a failed unit does not recover and you believe it should not be failed, you can reset the state by entering
the failover reset command. If the failover condition persists, however, the unit will fail again.
Failover Feature/Platform Matrix
Table 57-3 shows the failover features supported by each hardware platform.
Failover Times by Platform
Table 57-4 shows the minimum, default, and maximum failover times for the Cisco ASA 5500 series
adaptive security appliance.
Table 57-3 Failover Feature Support by Platform
Platform
LAN-Based
Failover
Stateful
Failover
Active/Standby
Failover
Active/Active
Failover
Cisco ASA 5505 adaptive security appliance Yes No Yes No
Cisco ASA 5500 series adaptive security appliance
(other than the ASA 5505)
Yes Yes Yes Yes
Table 57-4 Cisco ASA 5500 Series Adaptive Security Appliance Failover Times
Failover Condition Minimum Default Maximum
Active unit loses power or stops normal operation. 800 milliseconds 15 seconds 45 seconds
Active unit main board interface link down. 500 milliseconds 5 seconds 15 seconds
Active unit 4GE card interface link down. 2 seconds 5 seconds 15 seconds
Active unit IPS or CSC card fails. 2 seconds 2 seconds 2 seconds
Active unit interface up, but connection problem
causes interface testing.
5 seconds 25 seconds 75 seconds

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals