Adding CONNECTION to Active Standby icons
Using N73, how do I add Connection to the icons on Active Standby apps. Connection is in Settings represented by a globe sign.
I do think that you can add anything below 'Settings' as a Standby icon. If you chose 'Settings' though you only have one more level to reach 'Connections'
To change your Active Standby icons, go to Menu/Tools/Settings/General/Personalisation/Standby Mode/Active Standby apps. Then select the Shortcut you want to edit and pick from the list, before selecting OK.
History: Always Nokia since 1994 including Nokia 2140, 7110e, 6150, 6210, 6310i, 6230i, N82
Current: Nokia N8 (Anna - I have no intention of going to Belle) - and delighted with it!
Similar Messages
-
What is best conection string for application to connect to active standby
I have setup a primary db and an active standby database on two servers in different city.
Now for people to test it, what is the best tnsnames strings I should provide to them?
Plus how do I test it?
Thanks in advance.Hello;
What you are looking at Transparent Application Failover for Data Guard. ( Way cool idea if you decide to use it )
Example
ernie =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = Primary.server.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = Standby.server.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = ernie)
)The DBMS_SERVICE.CREATE_SERVICE will let create an alias for database which can be used on both servers so the end user never sees a failover.
The rough outline is
1. Create the service
BEGIN
DBMS_SERVICE.CREATE_SERVICE('ernie','ernie');
END;
/2. Start the service
BEGIN
DBMS_SERVICE.START_SERVICE('ernie');
END;
/3. default parameters can now be set for 'ernie'.
BEGIN
DBMS_SERVICE.MODIFY_SERVICE
('ernie',
FAILOVER_METHOD => 'BASIC',
FAILOVER_TYPE => 'SELECT',
FAILOVER_RETRIES => 200,
FAILOVER_DELAY => 1);
END;
/4. Finally a database STARTUP trigger should be created to ensures that this service is only offered if the database is primary.
CREATE TRIGGER CHECK_ERNIE_START AFTER STARTUP ON DATABASE
DECLARE
V_ROLE VARCHAR(30);
BEGIN
SELECT DATABASE_ROLE INTO V_ROLE FROM V$DATABASE;
IF V_ROLE = 'PRIMARY' THEN
DBMS_SERVICE.START_SERVICE('ernie');
ELSE
DBMS_SERVICE.STOP_SERVICE('ernie');
END IF;
END;
/A complete document is available here :
http://uhesse.wordpress.com/2009/08/19/connect-time-failover-transparent-application-failover-for-data-guard/
Best Regards
mseberg -
2 * 4260 Sensors connected to Active/standby FWSM in 6500
4260 Sensors connected to Active/ Active firewalls
I have the following scenario:
We have two edge firewalls with Active/ standbye setup connected directly to two core switches5600. New two IPS sensor s4260 are required to be connected inline between the FWSM and core switches. What is the best practice design for such a scenario? Does the below diagram work fine in this case or another design is applicable?
we use vlan paringre you using Inline Interface Pair or VLAN Pair?
we will use Vlan Pair
What is the expected throughput of the Network?
100 mb/s
Are these WAN firewalls or Internet?
wan firewall (FWSM)
Are there any server farms?
conected 6500 -
- the airplay icon is completely gone! I've reset apple tv, checked home sharing is on, checked my wifi connection is active, no firewalls, but still no luck? any suggestions would be greatly appreciated:)
What IOS and OS are you using Elissa. I think from your post it used to work but has dropped off, is that correct or has it never worked? If it did wotk has anything changed? Check your wifi use with sopmething like istumbler to see if it is being used by neighbours etc?
-
N97 Active Standby net connection
My N97 will only connect using a 'WAP' (2G) connection for the active standby apps (i.e. facebook accuweather etc.) How can I get it to lose that preference and start using the 'internet' (3G) connection instead?
Cheers.Ok, I have discovered why it's doing it, The settings in the web browser were pointing it to look through the WAP AP list rather than the Internet AP list. Even though it was offering me an Internet AP to go online through the browser and OVI store. I have corrected this and restored my settings.
Message Edited by phischy on 14-Aug-2009 01:10 PM -
Nokia 7373 - Adding active standby content not in ...
Hi,
I just bought a Nokia 7373 which I find to be quite cool ! One of the features I like is the ability to display the calendar in the active standby mode. However it only displays calendar appointments, but not todo list entries or any other customizable option.
Is there any way that I can show also the todo list in the active standby mode ?
Cheers,
JoelThere is no way to show also the todo list in the active standby mode.
You could add To-do to the shortcuts (top line in active standby) to get faster access to to-do items. -
Active Standby Pair Clustering.
Hi Chris, I had created ActiveStandby Pair as follows:
Server 1 => DSN: TTCluster1
Server 2 => DSN: TTCluster2.
Then I created ActiveStandby Pair in Server1, Started RepAgent and then Duplicated the DSN on Server 2 with name TTCluster 2. It worked fine.
Now to access it from the client server mode, I created Client DSN on Client machine using Virtual IP. (Using Linux Cluster Manager).
But inthis case I had to create two client DSN. TTCluster1Client and TTCluster2client. Since Application can connect to only one DSN and shifting to other while failover is very difficult.
So I am trying following model now, Let me know your views on this.
Server 1 and Server 2, both will have same DSN name "TTCluster".
Client Machin will have only one DSN "TTClusterClient" using VIP.
When the Server1 failes, Server 2 will take over and there is no need of shifting client DSN. Application will be routed to Server 2 after switch over.
Step1: created server DSN "TTCluster" on Server 1 and Server 2.
Step2: created user 'ttcluster' on Server 1 and Server 2.
Step3: Create DataStore TTCluster on Server 1. (By connecting to TTCluster).
Step4: Create Cache Groups (AWT) on Server1.
Step5: Started Cache Agent on Server1.
Step6: Created ActiveStandby Pair on Server1 as follows:
CREATE ACTIVE STANDBY PAIR
TTCluster ON "wabtectimesten.patni.com",
TTCluster ON "wabtectimesten2.patni.com"
RETURN TWOSAFE
STORE TTCluster PORT 20000 TIMEOUT 120;
Step8: executed ttrepstateset('ACTIVE') on server1.
Step9: Started Replication Agent on Server1.
Step10: Duplicated DataStore on Server2.
Issues:
Server2 is not coming up as Standby. The log on Server1 shows following messages:
15:19:33.83 Warn: REP: 8671: TTCLUSTER:receiver.c(1723): TT16060: Failed to read data from the network. select() timed out
15:19:37.09 Err : REP: 8671: TTCLUSTER:receiver.c(3428): TT16142: Failed to retrieve peer information. No peers found
15:19:37.09 Err : REP: 8671: TTCLUSTER:transmitter.c(5523): TT16229: Transmitter thread failure due to lack of state consistency at subscriber store _ORACLE
Question:
While creating replication scheme I have mentioned.
STORE TTCluster PORT 20000 TIMEOUT 120;
I need to define the timeout for both DataStores. How will I do that?
The above timeout will be applicable for which datastore??
Can you please let me know if I am going in the right direction???Hi Tanweer,
When designing a monitoring scheme for TimesTen one has to bear a few things in mind (though not all will be relevant in every case):
1. There could be multiple 'instances' of TimesTen installed on a machine. Each instance is completely independent and must be monitoried separately.
2. Each instance has a 'main daemon' (timestend) that is the instance master supervisor. If this daemon is running and healthy then the 'instance' is considered to be 'up' and 'healthy'.
3. Each instance can manage multiple datastores. Each datastore is independent from the others and so each datastore must be monitored separately.
4. Each datastore may be using replication and/or cache connect. If so, these must also be monitored as well as the datastore since it is perfectly possible e.g. for the datastore to be healthy but for replication to be 'down'.
Depending on your requirements, your monitoring mechanism must 'model' this structure and relationships...
- If the instance main daemon is not running, or is not responding, then the entire instance is 'down' and all datastores managed by the instance should also be considered as 'down'
- If a datastore goes down (e.g. call invalidate), other stores in the instance are not affected and neither is the main daemon for the instance. They will continue to operate normally.
- A datastore may be healthy in itself but maybe replication or cache connect for the datastore is not healthy. Do you then consider the datastore as down? That depends on your applications requirements!
Hopefully this helps to clarify the interrelationship of components. Crashing a datastore by calling 'invalidate' does not crash the daemon (if it does then that is a bug!).
For monitoring the instance (main daemon) there are a few options:
1. ps -ef | grep timestend. This can detect if the daemon process is running but not if it is healthy...
2. Connect to a datastore. Every connect/disconnect request is processed via the main daemon so if the daemon is not healthy this will result in some error (usually a 'cannot communicate with the daemon' error). However, connect/disconnect are relatively expensive so you don't want to do this too often.
3. Have a monitoring process that maintains an open connection to the instance level datastore (DSN=TT_<instancename>). Periodically (as often as required within reason) it can execute the built in procedure ttDataStoreStatus() passing it the pathname of the instaance datastore checkpoint files (obtainable from the built in procedure ttConfiguration). This procedure communicates with the main daemon so will either return success (meaning daemon is okay) or an error (daemon is in big trouble).
If you have to do the test from a script then I would suggest that (2) is best but if you can do it from a continually running monitoring process then (3) is better.
For monitoring a datastore the best way to ascertain overall health is as follows:
1. Have a dummy table in the datastore. And as part of the check update a row in th dummy and commit the transaction. If this returns success then this shows that the datastore is up and able to service update requests (which means it is also okay for read requests).
2. You should also monitor the available space in the datastore and warn someone or something if the free space gets too low. You can query space allocation, current usage and high watermark usage from the SYS.MONITOR table. You can also configure TimesTen to generate SNMP traps and/or return warnings to applications if space usage exceeds some configured threshold. The objective is to take proactive action to prevent the datastore becoming full since that will require more disruptive corrective action.
For monitoring replication you should periodically:
1. Check that the datastore's repagent is running (you can do this using ttDatastoreStatus)
2. Check the status of each replication peer by calling ttReplicationStatus and checking the values of pstate (should be 'start') logs (if this value increases over time then the peer is in some kind of trouble) and lastMsg (if there is no message from the peer for a long time then it may be in some kind of trouble).
3. Sometimes an easier way is to have a dummy table set up for synchronous replication and do an update+commit for a row in that table. if replicatioin is working the commit will return within a few ms at most. If you get a timeout error returned that tells you that replication is in trouble,
To monitor cache connect is not so easy at present.
For AWT cache groups, the same monitoring as is used for replication is okay).
For SWT cache groups, if the sync to Oracle is not working every commit will get an error (so that's kind of obvious).
For AUTOREFRESH cache groups it's a bit harder. There is currenyly no supported way to determine when the last successful autorefresh occurred. I am hoping this capability will be added in a future release.
Sorry if that is a bit long winded - I hope it helps...
Chris -
ASA 5520: Configuring Active/Standby High Availability
Hi,
I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.
I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).
I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is 10.1.70.1/24 and secondary is 10.1.70.2/24. The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of 10.1.70.2 and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.
I tried this using a crossover cable to connect the interfaces directly with the same result.
Any ideas?
Thanks.
DanThe command Varun is right.
Since you want to know a little bit more about this stuff, here goes a bit. Every interface will have a secondary IP and a Primary IP where the Active/Standby pair will exchange hello packes. If the hellos are not heard from mate, the the unit is delcare failed.
In case the primary is the one that gets an interface down, it will failover to the other unit, if it is the standby that has the problem, the active unit will declare the other Unit "standby failed). You will know that everything is alright when you do a show failover and the standby pair shows "Standby Ready".
For configuring it, just put a secondary IP on every interface to be monitored (If by any chance you dont have an available secondary IP for one of the interfaces you can avoid monitoring the given interface using the command no "monitor-interface nameif" where the nameif is the name of the interface without the secondary IP.
Then put the commands for failover and stateful link, the stateful link will copy the connections table (among other things) to avoid downtime while passing from One unit to another, This link should have at least the same speed as the regular data interfaces.
You can configure the failover link and the stateful link in just one interface, by just using the same name for the link, remember that this link will have a totally sepparate subnet from the ones already used in firewall.
This is the configuration
failover lan unit primary
failover lan interface failover gig0/3
failover link failover gig0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
failover lan unit secondary
failover lan interface failover gig0/3
failover link failover gig0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
Make sure that you can ping each other secondary/primary IP and then put the command
failover first on the primary and then on the secondary.
That would fine.
Let me know if you have further doubts.
Link for reference
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
Mike -
Cisco ASA Active standby failover problem
We have configured ASA Active standby failover with ASA5505 . When primary unit power off, secondary unit became active. when primary unit power on, then primary unit is becoming active again. i think for active standby setup there is no preemption. The real issue is when primary ASA became active after power on all the external connectivity getting down. Please see the below config,
ASA01# show run
ASA01# show running-config
: Saved
ASA Version 8.2(5)
hostname ASA01
enable password PVSASRJovmamnVkD encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.1 MPLS_Router description MPLS_Router
name 192.168.2.1 SCADA_Router description SCADA_Router
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 2
interface Ethernet0/3
interface Ethernet0/4
switchport access vlan 3
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.8 255.255.255.0 standby 192.168.3.9
interface Vlan2
nameif outside
security-level 0
ip address 192.168.1.8 255.255.255.0 standby 192.168.1.9
interface Vlan3
description LAN Failover Interface
ftp mode passive
clock timezone AST 3
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip any host MPLS_Router
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any 192.168.2.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
failover
failover lan unit primary
failover lan interface FAILOVER Vlan3
failover key *****
failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route-map Route_Out permit 1
match ip address inside_access_in outside_access_in
match interface inside
route outside 0.0.0.0 0.0.0.0 MPLS_Router 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
http authentication-certificate inside
http authentication-certificate outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password eY/fQXw7Ure8Qrz7 encrypted
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1a8e46a787aa78502ffd881ab62d1c31
: endI suggest removing the failover configuration on both units and then re-add them, and then test.
Primary
failover lan interface FAILOVER Vlan3
failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
failover lan unit primary
failover key KEY
failover
Secondary
failover lan interface FAILOVER Vlan3
failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
failover lan unit secondary
failover key KEY
failover
Please remember to select a correct answer and rate helpful posts -
ASA failover with 1 AIP SSM in Active/Standby?
I have a customer with two ASAs; in Active/Standby. They want to purchase one AIP. Will failover (without the AIP functionality) to the Standby work if the AIP is configured for Promiscuous mode? Thanks, Bob
The only connection to the SSM that can be done internally through the ASA is a "session". This is an internal telnet to the SSM and can be used to access the SSM's CLI.
This is very usefull when you manage your SSM directly through the CLI.
However, most customers prefer to use a graphics based tool like IDM, ASDM, or CSM for managing the configuration of the SSM, and prefer to use a graphics based tool like IEV or CS MARS for monitoring of the alerts from the SSM.
All of these graphics based tools need network access to the SSM through a web port (https on port 443 by default). Access to this port is not allowed internally through the ASA direct to the SSM.
All web connections must be made to the External Management interface of the SSM.
If you are not using all 4 of your ASA interfaces you could choose to wire the External SSM interface directly to one of your ASA interfaces, and create a small subnet for the ASA and IPS IP Addresses. So then all external connections to the SSM would be routed into the ASA, then out of the ASA, and into the external port of the SSM.
That subnet of just the ASA and SSM could be made using a network reserved for local IPs (like a 10, or 172, or 192 network) and then use NAT/PAT for translation on the other network interfaces of the ASA.
But it does still require that wire connected to the external port of the SSM. -
E71-1 - No inbox/notification in active standby
In the past days I have tried to configure any kind of information about my primary email account for the active standby/home screen. The email account works fine (imap-idle account), receiving emails works fine, but other than the @-symbol in the top-right corner (when new emails are available) no information about the inbox or any indication about new emails are displayed on the home screen.
In the mode-config I selected the email account to be displayed on the home screen, and no matter what option I choose in the email notification 1 details (headers only, headers with popup, headers with unread etc.) nothing at all is shown. I have seen screen shots where at least a bubble notification is shown (for new emails) and also at least a link with the account name. The way it is now I have a really hard time keeping track of my (new) emails, because I really have to open my inbox every time to be sure.
I have tried every imaginable configuration detail, the manual is no help at all, and I didn't find any information in any forums about this problem. Is this a software bug? Has anybody experienced this? Is there a solution?I've been experiencing the same issue where that active standby plugin wouldnt show a notification. But I *THINK* I have it figured out from the clues in this discussion. This post is to benefit any other people googling for the solution. To my knowledge, this method will enable you to have the single line email notication on your Active Standby aka homescreen (where your calendar and meetings show up) in the format of Gmail (6). I believe the catch is you need to have less than 999 emails in your inbox. As a workaround you need to archive all extra emails in your Gmail inbox. A disclaimer: I am not 100% on this, so I will give you as much detail to replicate my scenario where it works, so adjust it for your own situation
I went through various deletes of my Gmail account in the Email settings area of the NATIVE messaging app (where text messages are).
If you look at Messaging --> Options --> Settings --> Other
There is a setting called "Number of saved msgs." I figured out the maximum of this to be 999. In my opinion this setting is talked about saved SENT messages (the setting above it is called "Save sent messages" Yes/No). Set this number to 999.
I assumed this 999 number of messages to be the limit for all emails out of a hunch. I went into my Gmail account on the web and pretty much archived a lot of emails except the recent ones. Archiving your emails does not delete them, but rather stores them outside of the inbox and are still searchable within Gmail. I made sure the number of emails in my inbox were under 900.
Next, I followed the steps we all know to put in a Gmail account via IMAP via the setup email wizard and some minor tweaking in the settings dialogs (Messaging --> Options --> Settings --> Email --> Gmail --> Connections Settings --> Both Incoming e-mail and Outgoing e-mail sections) using the guide: Symbian S60 - Gmail Help
It might also be worth it to set your "Access point in use" for both incoming and outgoing servers.
Under
Messaging --> Options --> Settings --> Email --> Gmail --> User Settings --> New e-mail alerts should be ON
Under
Messaging --> Options --> Settings --> Email --> Gmail --> Retrieval Settings --> there are no necessary changes (the next section will override settings related to retrieval amount and cause ALL emails to be retrieved.). Note that putting folder subscriptions may put you over the 999 limit. I don't know if the 999 limit applies to each folder or to ALL emails as a whole. If you do put folder subscriptions, the next section setting will automatically also override the # of emails from folders retrieved to be ALL as well. Experiment at your own risk.
Under
Messaging --> Options --> Settings --> Email --> Gmail --> Automatic Retrieval:
Email notifications -- Disabled (you can only have one or the other and email retrieval is more important than this unknown and ill defined setting)
Email retrieval -- Enabled or "only in home network" (more options will appear now regarding scheduling. Pick your frequency according to how long you want your battery to last and how important your emails are). If you choose "only in home network" I am inclined to believe that it will only use the access point you described earlier in "Connection Settings"
Out of this menu,
Under
Messaging --> Options --> Settings --> Email
Make sure your default mailbox is Gmail
If you go into Modes (Modes--> Home screen apps --> Enabled apps) at this point and try to put the "Email 1 notification" as active, and go into "Email 1 notification's " settings, and try to set your mailbox to Gmail, it will tell you to connect first. So lets do that and hope it works
So go to Messaging --> Gmail --> Options --> Connect and watch it retrieve headers of your emails from Gmail. Make sure that theres 1 or 2 *NEW* emails before downloading for testing out the Active Standby plugin's temperment.
Go into Modes while it is retrieving the headers of your emails
Modes --> Home screen apps --> Enabled Apps --> and select "Email 1 notification"
Go back into
Modes --> Home screen apps --> Go into the new "Email 1 Notification" setting there
Mailbox: Gmail
Preview: You have a choice of three
Header only -- shows your mailbox's name and # of unread mails on homescreen -- eg: Gmail (3)
Header and popup -- show the header described above in 1 line, plus when you hover over it, a preview of your emails in a bubble that includes Sender, Subject, and Date. To me, this is the most useful
Header and unread -- Shows the header described above in 1 line, and in a 2nd line shows the most recent unread email's Sender, subject, and date
Assuming you've put a audio tone for email alerts in Profiles --> Whichever profile --> Customize --> Email alert tone
Then once you head back to your home screen and once the email retrieval finishes, you should hear a audio sound, and see Gmail (3).
Good luck -
Active/Standby Failover with pair of 5510s and redundant L2 links
Hi
I just got two ASA5510-SEC-BUN-K9 and I'm wondering is it possible to implement an Active/Standby Failover configuration (Routed mode) with two ASA5510 and redundant pair of switches from both inside and outside interfaces? In other words, I would like to have two L2 links from each ASA (in pair od ASAa) to each L2 switch (in pair of redundant L2 Switches). The configuration I would like to achive is just like one in Cisco Security Appliance Command Line Configuration Guide, page B-23, figure B-8, with only difference that I wouldn't go with multiple security contexts (I want Active/Standby failover).
Thanks in advance
Zoran MilenkovicHello Zoran,
Absolutely. You can have 2 ASAs configured in Active/Standby mode. For reference, here is a link which has a network connectivity diagram based on PIX, however, connectivity would still be same with ASAs-
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1053462
The difference is that on ASA, you can only have LAN-Based failover, hence you'll need to use one additional interface on both ASAs for failover-link. You can connect these two failover-link interfaces directly using a cross cable.
Apart from this, please refer to following link on how to go with configuration of Lan-based Active/Standby failover-
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1064158
Also make sure that both ASAs have required hardware/software/license based on following link-
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1047269
Hope this helps.
Regards,
Vibhor. -
Active/Standby Failover Config change
Hi everyone,
This weekend we are doing some change on ASA in Active/Standby mode.
We will power off standby ASA.
Do some changes on Active ASA save the changes and reboot it.
Power up the Active ASA and will test the connectivity if it is working or not .
In case Active ASA is not working as expected after the change i will power it off.
Power up Standby ASA then it will become active as expected.
Now if i Power up other ASA where changes were made will it synchnorize to old config from Standby ASA or not?
Last week we did some changes on Active ASA and it did not work as expected so we have to undo our change.
Need to make sure our backup plan is working?
Regards
MaheshIn your fall back scenario you would have to tell what was the secondary ASA that it is now the primary
change
failover lan unit secondary
to
failover lan unit primary
and vice-versa on the now primary ASA.
change
failover lan unit primary
to
failover lan unit secondary
Hope it helps -
Active-Standby -Client-Site VPN
Dear Experts.
We have Cisco two ASA 5550 which is configured in Active-Standby mode but client-site VPN is not working when secondary unit becomes active. Failover status is showing as " Secondary Active" when primary unit is active all client-site VPN connections are working fine. Both ASA's has 7.2(3) IOS image and DES, 3DES/AES license enables.
We are getting following error messages
IPSEC: Deleted outbound permit rule, SPI 0xBFA351A9
Rule ID: 0x059C3060
IPSEC: Deleted outbound VPN context, SPI 0xBFA351A9
VPN handle: 0x00227DFC
Jan 09 13:23:52 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Removing peer from peer table failed, no match!
Jan 09 13:23:52 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Error: Unable to remove PeerTblEntry
Please adviseOne of the things that I have seen that can cause symptoms like this is to not have some files in flash of the backup ASA. In particular I suggest that you check for files related to the client VPN. So get the output of show flash from the primary ASA and from the backup ASA and compare them.
HTH
Rick -
I have selected Active Standby as my preference on my N82, however I would like to be able to select different options on the list because I have no interest in either 'Share online' or 'Search Internet and my Content'
Is it possible to change these?
History: Always Nokia since 1994 including Nokia 2140, 7110e, 6150, 6210, 6310i, 6230i, N82
Current: Nokia N8 (Anna - I have no intention of going to Belle) - and delighted with it!Thanks but I have already changed those settings and the 6 applications running across the top are the ones I have set up. The ones I want to remove are listed below those icons and I do not know how they are changed or if it is actually possible to change them.
In addition to the ones that I want to remove, there is
- a summary of the calendar
- WLAN status.
I am quite happy with these 2 it is the other 2 entries I want to be able remove.
History: Always Nokia since 1994 including Nokia 2140, 7110e, 6150, 6210, 6310i, 6230i, N82
Current: Nokia N8 (Anna - I have no intention of going to Belle) - and delighted with it!
Maybe you are looking for
-
Adobe Creative Suite 5 Web Premium won't launch on Mac
I use 13 inch MacBook Air. I downloaded Adobe Creative Suite 5 Web Premium from my college. It has Flash, Photoshop, Dreamweaver, Fireworks and Illustrator CS5. But only Flsh and Dreamweaver launch when I click them. When I click Photoshop and Illust
-
ITunes miniplayer not appearing in taskbar Windows 7 64-bit
I am currently trying to add the little miniplayer in my taskbar, but it does not seem to work. When I right-click my taskar and I go to Properties>Toolbars>Check iTunes and click Apply and close. When I re-open iTunes and minimize it, it does not ap
-
Can't install free trial of Muse
I'm trying to install a free trial of Muse in MAC OS X 10.6.8. But it gives me an error message as the folloing: What could be the problem?
-
Why does illustrator crash every time I chose fonts?
Whenever I work in illustrator everything is fine until I go to chose any font but Myriad. The minute I look for different fonts, it crashes. Can anyone help?
-
Wi-Fi to your iPhone does not work with the knowledge that I have worked Restart for the same purpose network does not work What is the solution please help as soon as