Filter
Top Products
15-3
Cisco ASDM User Guide
OL-16647-01
Chapter 15 High Availability
Understanding Failover
• Commands entered in the system execution space are replicated from the unit on which failover
group 1 is in the active state to the unit on which failover group 1 is in the standby state.
• Commands entered in the admin context are replicated from the unit on which failover group 1 is in
the active state to the unit on which failover group 1 is in the standby state.
Failure to enter the commands on the appropriate unit for command replication to occur will cause the
configurations to be out of synchronization. Those changes may be lost the next time the initial
configuration synchronization occurs.
In an Active/Active failover configuration, failover occurs on a failover group basis, not a system basis.
For example, if you designate both failover groups as active on the primary unit, and failover group 1
fails, failover group 2 remains active on the primary unit, while failover group 1 becomes active on the
secondary unit.
Note When configuring Active/Active failover, make sure that the combined traffic for both units is within the
capacity of each unit.
Stateless (Regular) Failover
Stateless failover is also referred to as regular failover. In stateless failover, all active connections are
dropped when a failover occurs. Clients need to reestablish connections when the new active unit takes
over.
Stateful Failover
Note Stateful Failover is not supported on the ASA 5505 series adaptive security appliance.
When Stateful Failover is enabled, the active unit in the failover pair continually passes per-connection
state information to the standby unit. After a failover occurs, the same connection information is
available at the new active unit. Supported end-user applications are not required to reconnect to keep
the same communication session.
Note The IP address and MAC address for the state and LAN failover links do not change at failover.
To use Stateful Failover, you must configure a state link to pass all state information to the standby unit.
If you are using a LAN failover connection rather than the serial failover interface (available on the PIX
security appliance platform only), you can use the same interface for the state link as the failover link.
However, we recommend that you use a dedicated interface for passing state information the standby
unit.
The following information is passed to the standby unit when Stateful Failover is enabled:
• NAT translation table.
• TCP connection table (except for HTTP), including the timeout connection.
• HTTP connection states (if HTTP replication is enabled).
• H.323, SIP, and MGCP UDP media connections.
• The system clock.