ASA 5550 failover configuration

I have two identical ASA 5550 firewalls that I need to set up for Active/Standby failover so I can then upgrade them with zero downtime. I am running them in single, routed mode so I would have to configure failover for Active/Standby. Can I do a cable-based configuration? The documentation states that is only available on the PIX 500 Security Appliance. Going through the Support Community forums it appears I can. Who is right? If I can do cable-based configuration do I have to turn off the secondary ASA to do the inital configuration? Thanks much.

Hello James,
Yes, you can do cable-based (if you mean connect the devices via a cable without a switch.. That will not be a problem)
Cisco recommends use a switch between the units for troubleshooting purposes but it's not a MUST.
Configuration wise, same procesure nothing different so just follow the regular process.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at [email protected]
Cheers,
Julio Carvajal Segura

Similar Messages

ASA 5550 Transparent Active/Standby Configuration

Hello guys!
I am in the process of adding a new ASA 5550 as a standby box to an existing ASA 5550 running on transparent mode. Both are on version ASA 8.0(4) and ASDM 6.2(1). I have set the new ASA 5550 to transparent mode. The configurations are the following for the HA:
Primary ASA:
interface GigabitEthernet1/3
description LAN Failover Interface
media-type sfp
failover
failover lan unit primary
failover lan interface failover GigabitEthernet1/3
failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2
Secondary ASA:
interface GigabitEthernet1/3
description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet1/3
failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2
My questions are the following:
1. The management ip address is different than the ip used for the failover link. Since the firewalls are on transparent mode, does the failover ip needs to be the same as the management ip address?
2. Does any other additional config is needed for HA to work for basic active/stand-by failover?
3. Wich is the best method to add the second box without disrupting the active box?
Thanks in advance guys!

Hi Nephtali,
1. The aswer is no, it can be different.
2. You can optionaly add statefull failover config.
3. Issue the failover command on the primary device first, and then issue it on the secondary device. After you issue the failover command on the secondary device, the secondary device immediately pulls the configuration from the primary device and sets itself as standby. The primary ASA stays up and passes traffic normally and marks itself as the active device. From that point on, whenever a failure occurs on the active device, the standby device comes up as active.
Link to a config example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aefd11.shtml#Reg
Regards
Mariusz

ASA 5550 V05 Active/passive one stop work

Hello,
I have a client, that got 2x ASA 5550 V05 and they were configured to act as active/passive but some months ago they had problems with them, so they remove them from the network.
Recently, I went there, and saw that one of the firewall (the one that was as passive) is not working, when I connect via console and reboot it I don't even see nothing, the boot starts, but suddenly, nothing shows up.
The things is that the client wants to get back to use the ASAs, so is there any way to fix that?
As an alternative we were thinking in acquire another ASA, to configure the two as active/passive again, the ASA that its working is:
ASA 5550 V05 ; Cisco Adaptive Security Appliance Software Version 7.2(4) ; Device Manager Version 5.2(4) ; 8 Ports GB ( 4+4) ; asa724-k8.bin
My question is, I need an exactly the same model ASA?
I was thinking in put one ASA5555-2SSD120-K9. That would work?
Or should I try anything else? I don't have many skills with ASA specially troubleshooting it.
Thanks in advance

Hi Diogo,
The issue related to failed firewall could be related to a hardware issue, you may get some outputs from console session when the ASA is booting up. Try to boot up the firewall again, if this doesn´t work then you should open a TAC case so they can help you replacing the firewall(the ASA needs to be under an active contract).
Regarding ASA model and failover, both firewalls must be the same model(hardware).
See the below requirements for failover to work:
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/77809-pixfailover.html#req
Regards,
Harvey.
Please rate if this is correct answer.

Cisco ASA 5505 Failover issue..

Hi,
I am having two firewalls (cisco ASA 5505) which is configured as active/standby Mode.It was running smoothly for more than an year,but last week the secondary firewall got failed and It made my whole network down.then I just removed the connectivity of the secondary firewall and run only the primary one.when I login by console i found out that the failover has been disabled .So again I connected to the Network and enabled the firewall.After a couple of days same issue happen.This time I take down the Secondary firewall erased the Flash.Reloaded the IOS image.Configured the failover and connected to the primary for the replication of configs.It found out the Active Mate.Replicated the configs and got synced...But after sync the same thing happened,The whole network gone down .I juz done the same thing removed the secondary firewall.Network came up.I feel there is some thing with failover thing ,but couldnt fin out :( .And the firewalls are in Router Mode.

Please find the logs...
Secondary Firewall While Sync..
cisco-asa(config)# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: e0/7 Vlan3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 23 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 06:01:10 GMT Apr 29 2015
This host: Secondary - Sync Config
Active time: 55 (sec)
slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
Interface outside (27.251.167.246): No Link (Waiting)
Interface inside (10.11.0.20): No Link (Waiting)
Interface mgmt (10.11.200.21): No Link (Waiting)
slot 1: empty
Other host: Primary - Active
Active time: 177303 (sec)
slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
Interface outside (27.251.167.247): Unknown (Waiting)
Interface inside (10.11.0.21): Unknown (Waiting)
Interface mgmt (10.11.200.22): Unknown (Waiting)
slot 1: empty
=======================================================================================
Secondary Firewall Just after Sync ,Active (primary Firewall got rebootted)
cisco-asa# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: e0/7 Vlan3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 23 maximum
Version: Ours 8.2(5), Mate Unknown
Last Failover at: 06:06:12 GMT Apr 29 2015
This host: Secondary - Active
Active time: 44 (sec)
slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
Interface outside (27.251.167.246): Normal (Waiting)
Interface inside (10.11.0.20): No Link (Waiting)
Interface mgmt (10.11.200.21): No Link (Waiting)
slot 1: empty
Other host: Primary - Not Detected
Active time: 0 (sec)
slot 0: empty
Interface outside (27.251.167.247): Unknown (Waiting)
Interface inside (10.11.0.21): Unknown (Waiting)
Interface mgmt (10.11.200.22): Unknown (Waiting)
slot 1: empty
==========================================================================================
After Active firewall got rebootted failover off,whole network gone down.
cisco-asa# sh failover
Failover Off
Failover unit Secondary
Failover LAN Interface: e0/7 Vlan3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 23 maximum
===========================================================================================
Primary Firewall after rebootting
cisco-asa# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: e0/7 Vlan3 (Failed - No Switchover)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 23 maximum
Version: Ours 8.2(5), Mate Unknown
Last Failover at: 06:17:29 GMT Apr 29 2015
This host: Primary - Active
Active time: 24707 (sec)
slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
Interface outside (27.251.167.246): Normal (Waiting)
Interface inside (10.11.0.20): Normal (Waiting)
Interface mgmt (10.11.200.21): Normal (Waiting)
slot 1: empty
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: empty
Interface outside (27.251.167.247): Unknown (Waiting)
Interface inside (10.11.0.21): Unknown (Waiting)
Interface mgmt (10.11.200.22): Unknown (Waiting)
slot 1: empty
cisco-asa# sh failover history
==========================================================================
From State To State Reason
==========================================================================
06:16:43 GMT Apr 29 2015
Not Detected Negotiation No Error
06:17:29 GMT Apr 29 2015
Negotiation Just Active No Active unit found
06:17:29 GMT Apr 29 2015
Just Active Active Drain No Active unit found
06:17:29 GMT Apr 29 2015
Active Drain Active Applying Config No Active unit found
06:17:29 GMT Apr 29 2015
Active Applying Config Active Config Applied No Active unit found
06:17:29 GMT Apr 29 2015
Active Config Applied Active No Active unit found
==========================================================================
cisco-asa#
cisco-asa# sh failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Failed Comm Failure 06:17:43 GMT Apr 29 2015
====Configuration State===
====Communication State===
==================================================================================
Secondary Firewall
cisc-asa# sh failover h
==========================================================================
From State To State Reason
==========================================================================
06:16:32 GMT Apr 29 2015
Not Detected Negotiation No Error
06:17:05 GMT Apr 29 2015
Negotiation Disabled Set by the config command
==========================================================================
cisco-asa# sh failover
Failover Off
Failover unit Secondary
Failover LAN Interface: e0/7 Vlan3 (down)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 23 maximum
ecs-pune-fw-01# sh failover h
==========================================================================
From State To State Reason
==========================================================================
06:16:32 GMT Apr 29 2015
Not Detected Negotiation No Error
06:17:05 GMT Apr 29 2015
Negotiation Disabled Set by the config command
==========================================================================
cisco-asa# sh failover state
State Last Failure Reason Date/Time
This host - Secondary
Disabled None
Other host - Primary
Not Detected None
====Configuration State===
====Communication State===
Thanks...

ASA failover: secondary ASA disabled failover on its own

Hi all
I have a failover pair of ASA 5520 (Software Version 8.2(4)4)
located in two different data centers.
Because of a network issue the layer 2 connection between both locations has been interrupted for a couple of seconds and the ASAs went into split-brain as one would expect them to do.
The thing is that after approx. 1 minute the secondary ASA switched off its failover configuration (i.e. "show run" gives "no failover") without anybody telling it to do so. Here is the "show failover history" of the device:
07:57:34 MESZ Aug 15 2011
Standby Ready              Just Active                HELLO not heard from mate
07:57:34 MESZ Aug 15 2011
Just Active                Active Drain               HELLO not heard from mate
07:57:34 MESZ Aug 15 2011
Active Drain               Active Applying Config     HELLO not heard from mate
07:57:34 MESZ Aug 15 2011
Active Applying Config     Active Config Applied      HELLO not heard from mate
07:57:34 MESZ Aug 15 2011
Active Config Applied      Active                     HELLO not heard from mate
07:58:03 MESZ Aug 15 2011
Active                     Cold Standby               Failover state check
07:58:18 MESZ Aug 15 2011
Cold Standby               Disabled                   HA state progression failed
At this point failover was switched off completely and the split-brain remained even after the layer-2-connection has been reestablished.
This is no good.:( I have searched for "HA state progression failed" without any useful result/explanation.
Why did the device switch off failover on its own and how can we assure that it won't do this again?
Best regards,
Grischa

Yes, only thing I needed to do was issuing "failover" on the secondary. It detected its active mate and went properly into standby:
09:16:18 MESZ Aug 15 2011
Disabled                   Negotiation                Set by the config command
09:16:19 MESZ Aug 15 2011
Negotiation                Cold Standby               Detected an Active mate
09:16:21 MESZ Aug 15 2011
Cold Standby               Sync Config                Detected an Active mate
09:16:31 MESZ Aug 15 2011
Sync Config                Sync File System           Detected an Active mate
09:16:31 MESZ Aug 15 2011
Sync File System           Bulk Sync                  Detected an Active mate
09:16:31 MESZ Aug 15 2011
Bulk Sync                  Standby Ready              Detected an Active mate
I guess we will go the TAC way if we encounter this situation a second time. This time we will be warned and know where to look at.
Is there really no documentation available of the "HA state progression failed" message? What does it mean and how is it triggered usually?
Regards,
Grischa

Cisco ASA 5520 Failover with DMZ

I have a pair of Cisco ASA 5520s running as a primary/standby. Everything is working properly with the primary ASA, however when I trigger a failover, everything works except for the DMZ interface on the standby ASA. I've poured over the configs, but perhaps I have been staring at them too long because I am just not seeing anything.
Below is the output of the sh run failover, sh failover, and sh run interface commands for each unit...
PRIMARY ASA
Primary-ASA# sh run failover
failover
failover lan unit primary
failover lan interface stateful1 GigabitEthernet0/3
failover key *****
failover link stateful1 GigabitEthernet0/3
failover interface ip stateful1 192.168.216.1 255.255.255.0 standby 192.168.216.2
Primary-ASA# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: stateful1 GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 20:39:23 CDT Sep 3 2013
This host: Primary - Active
Active time: 69648 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
     Interface outside (184.61.38.254): Normal
     Interface inside (192.168.218.252): Normal
     Interface dmz (192.168.215.254): Normal (Waiting)
     Interface management (192.168.1.1): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.0(3)E1) status (Up/Up)
     IPS, 6.0(3)E1, Up
Other host: Secondary - Standby Ready
Active time: 2119 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface outside (184.61.38.253): Normal
Interface inside (192.168.218.253): Normal
Interface dmz (192.168.215.252): Normal (Waiting)
Interface management (192.168.1.2): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.0(3)E1) status (Up/Up)
IPS, 6.0(3)E1, Up
Primary-ASA# sh run interface
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 184.61.38.254 255.255.255.128 standby 184.61.38.253
ospf cost 10
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.218.252 255.255.255.0 standby 192.168.218.253
ospf cost 10
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address 192.168.215.254 255.255.255.0 standby 192.168.215.252
ospf cost 10
interface GigabitEthernet0/3
description LAN/STATE Failover Interface
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
ospf cost 10
management-only
STANDBY ASA
Standby-ASA# sh run failover
failover
failover lan unit secondary
failover lan interface stateful1 GigabitEthernet0/3
failover key *****
failover link stateful1 GigabitEthernet0/3
failover interface ip stateful1 192.168.216.1 255.255.255.0 standby 192.168.216.2
Standby-ASA# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: stateful1 GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 20:39:23 CDT Sep 3 2013
This host: Secondary - Standby Ready
Active time: 2119 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface outside (184.61.38.253): Normal
Interface inside (192.168.218.253): Normal
Interface dmz (192.168.215.252): Normal (Waiting)
Interface management (192.168.1.2): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.0(3)E1) status (Up/Up)
     IPS, 6.0(3)E1, Up
Other host: Primary - Active
Active time: 70110 (sec)
      slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface outside (184.61.38.254): Normal
Interface inside (192.168.218.252): Normal
Interface dmz (192.168.215.254): Normal (Waiting)
Interface management (192.168.1.1): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.0(3)E1) status (Up/Up)
     IPS, 6.0(3)E1, Up
Standby-ASA# sh run interface
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 184.61.38.254 255.255.255.128 standby 184.61.38.253
ospf cost 10
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.218.252 255.255.255.0 standby 192.168.218.253
ospf cost 10
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address 192.168.215.254 255.255.255.0 standby 192.168.215.252
ospf cost 10
interface GigabitEthernet0/3
description LAN/STATE Failover Interface
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
ospf cost 10
management-only
Does anyone see something I might be missing? I am at a loss...

I'll just answer my own question...the configs are correct, but it the interface on the standby ASA was plugged into an improperly configured switchport. That'll do it everytime.

ASA 5550 IPv6 Compatibility

Hi All,
I need to understand if ASA 5550 ver 8.2(1) is comptible with IPv6, if not what is the upgrade path to make it IPv6 compatible. The requirement is dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift IPv6 completely.
The existing infrastructure is equipped with ASA with HA Active/Active mode. The command output for required details are attached here in txt mode.
Thanks in Advance
Sujit

I need to understand if ASA 5550 ver 8.2(1) is comptible with IPv6, if not what is the upgrade path to make it IPv6 compatible. The requirement is dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift IPv6 completely.
Here are some useful facts for you
IPv6 address command appeared on 7.0.1
IPv6 support on transparent mode appeared on 8.2.1
IPv6 address support for an standby interface ( failover) appeared on 8.2.2
In the latest 8.3 code support for L2L VPN for IPv6 scenarios have been added.
9.0(1) Features
OSPFv3 support.
DNS inspection.
NAT supported on IPv6 traffic and also from IPv4 to IPv6( From IPv4 to IPv6 NAT is not supported on Transparent Mode).
DHCP for IPv6 (DHCPv6) relay.
IPv6 VPN connections to its outside interface using SSL and IKEv2/IPsec protocols.
Remember to rate all of the helpful posts
Julio Carvajal

New ASA 5515x failover setup

Just an architecture setup question. We have purchased two 5515x ASA firewalls. I will be setting them up in a stateful failover setup. I know this sounds like a basic question but here goes. I am thinking we should get the first one working on my network and then install the failover ASA once the first one is working properly....? Any thoughts?

Hi,
Yes, you can just configure the single ASA first with the configurations and after its configurations are finished install the Secondary unit.
Naturally while you are configuring the Primary unit you should already setup the interfaces with a "standby" IP address under the interface configuration.
After you have setup the Primary ASA and made sure that for each of its interfaces/subinterfaces you have a L2 connection through the connecting networking devices to the Secondary ASAs corresponding interfaces/subinterfaces, then you are ready to install the Secondary ASA to the network.
What you could do on the Secondary ASA is that you remove its default factory configuration and then configure "no shutdown" on each physical interface that you are going to use. Then you could configure the required Failover configurations using the multiple different "failover" configuration commands. (You wont need to configure the actual physical port separately, just need to enable it with "no shutdown", the "failover" commands should handle the rest) After the physical interfaces are configured up and the "failover" commands are set up on the Secondary ASA (and naturally the Primary ASA) then you could basically save the configuration on the Secondary ASA, power down the Secondary ASA, connect it to the network and boot it up. It should then sync the configuration from the Primary ASA after it has booted up and noticed the Active unit (Primary ASA) through the Failover link. So you should not really need to configure the Secondary ASA a lot since it syncs majority of the configurations from the Primary ASA. Naturally the above "failover" configurations are required so the Failover link can be formed for the sync.
I have had to do this a couple of times lately because of broken down ASAs in Failover pairs. Naturally I would suggest that you take backups of the Primary ASAs configurations before you start setting up the Failover environment so that incase of some error in the setup you still have the configuration. Some people have mentioned the other unit wiping the others configuration but it has not happened to me atleast.
Hope this helps and that I made any sense :)
- Jouni

ASA 5550 - Two different syslogs servers

Hi to all.
In my Cisco ASA 5550, I need to set two different syslogs servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if is it possible or not and, if yes, how to configure it? All suggestions will be really appreciated. Thanks.

Hello,
While there is a limitation in the syslog server configurations, you could
use other logging methods to collect specific information. While it is not
very efficient method, if you are just concerned about login/logout messages
for security audit purposes, you could use email logging. You can create a
logging list and then send those messages to your email.
Example:
logging list mail message 111008
logging list mail message 111004
logging from-address
You can do similar things by sending specific log events to SNMP server as
well.
Hope this helps.
Regards,
NT

Warning: ORA-16829: fast-start failover configuration is lagging

Hi
I got waring for fast_start failover configuration
DGMGRL> show configuration
Configuration - activefailover_migdb
Protection Mode: MaxPerformance
Databases:
migdb - Primary database
Warning: ORA-16829: fast-start failover configuration is lagging
migdbdr - (*) Physical standby database
Warning: ORA-16829: fast-start failover configuration is lagging
Fast-Start Failover: ENABLED
Configuration Status:
WARNING
anybody please suggest solution for the same

Dear shd,
Please check the following link;
http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28419/d_dg.htm
*ORA-16829: lagging Fast-Start Failover configuration*
+DBMS_DG.INITIATE_FS_FAILOVER was invoked in a maximum performance fast-start failover configuration when the configuration was not in the user-specified redo lag limit.+
Oracle Error :: ORA-16829
fast-start failover configuration is lagging
Cause
The fast-start failover target standby database was not within the lag limit specified by the FastStartFailoverLagLimit configuration property. As a result, a fast-start failover could not happen in the event of a primary database failure.
Action
Ensure that the fast-start failover target standby database is running and applying redo data and that the primary database is successfully trasmitting redo data. If this condition persists consider raising the value of the FastStartFailoverLagLimit configuration property.
Ogan

Failover Configuration

For failover configuration with Oracle 9i I have used
two database in same m/c. and the listner.ora is as following :-
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC3))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = tcs052640)(PORT = 1521))
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = D:\oracle\ora_home)
(PROGRAM = extproc)
(SID_DESC =
(ORACLE_HOME = D:\oracle\ora_home)
(SID_NAME = SPACE)
(SID_DESC =
(ORACLE_HOME = D:\oracle\ora_home)
(SID_NAME = UIIVS2)
And TNS Entry which i have used in a m/c. which has only oracle client is like the following :-
PROD.WORLD =
(DESCRIPTION_LIST =
(FAILOVER = TRUE)
(LOAD_BALANCE = FALSE)
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = TCS052640)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = SPACE.WORLD)
(SERVER = DEDICATED)
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = TCS052640)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = UIIVS2.WORLD)
(SERVER = DEDICATED)
Now i am connected to SPACE from that m/c. which has only Oracle 9i client and then shutdown the database SPACE, but
after shutting down client is not dynamically connecting to the database UIIVS2,though I have written "FAILOVER = TRUE" in tnsnames.ora.
It is giving error like :-
ORA-12571: TNS:packet writer failure
ORA-03114: not connected to ORACLE
& when I am attempting test connection it is giving error
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
What more I have to do for connecting dynamically UIIVS2 when SPACE is down.
If the database located in separated m/c. is there anything more need to do.
Thanks in advance.

Guys,
have successfully done the failover, the failover parameter should be ON in the tns entries - thanks a lot for all of ur help.
Regards,
Prasenjit

ASA 5550 RESET

I have an ASA 5550 and the console port suddenly stopped allowing me to console and the management port no longer allows me to conole in. So that there is now question, The network cables and console cables work fine on other ASA's and network devices. I tried to reset the device by pushing the reset button but it doesn't appear to do anything, even after I reboot. Any help would be appreciated.

Hello Marco,
At this point it looks more like a hardware failure. Do you see the ASA lights green?
If you don’t have console access you may need to get a replacement unit via TAC or your reseller.
Regards,
Juan Lombana
Please rate helpful posts.

ASA 5550 Console (Serial) TACACS

I have a ASA 5550 running multiple contexts, but having the AAA authentication serial console (TACACS Server Name) LOCAL allows a tacacs challenge on connecting to the console but I am then unable to issue any commands i.e. enable or Show Run - message command autherixation failed
Has anyone setup console (serial) TACACS and got it working?
Thanks

Hi Simon,
The below are the commands which requires with respect to the console access.
aaa-server TACACS+ protocol tacacs+
aaa authentication serial console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
So you should have both serial console and enable console for you settings. If you have these settings in your firewall. Also please check in the tacacs server end if privelage level is set properly for the same.
Please do rate if the given information helps.
By
Karthik

ASA 55xx Series configuration

1) Is there any support provided for uploading our own custom login pages to the ASA appliance? e.g. flash embeded html page
2) Can the ASA appliance be configured to redirect the authentication to a specific URL (custom web server which will do some means of authentication) and if successfully authenticated then webserver will post the credentials back to the appliance. This way it will support multi-factor authentication.

Yes, I think there few support will provide for uploading our own custom login pages to the ASA appliance and you can redirect the authentication to a specific URL: for more information please click following URLs:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html

Removing Meeting Place 6 Audio Server Failover Configuration

Hi, I have an old MeetingPlace 6 system.
Issue - Intermittently users are getting static and dead-air experience. Looking at Call Manager CDR, the call is trying to route to offline audio server. I verified the IPGateways for failover Audio server configuration and did not find so.
Requirement - I would like to remove the failover configuration sine failover server is offline
Considerations - How do I do this? What do I have to consider?
Thanks in Advance,
Amish

Hi Andrew
I have looked at both the suggestions from you and jdedell12.
1. Shadow Server - there is nothing configured
2. H.323 on CUCM - I have two IP GW's configured. Nothing else relevant to Shadow server.
3. IP GW's - Checked GW SIM config
Interestingly enough, after the Audio server power cycle the issue fixes itself.....I have had this issue twice in the past 9 weeks....random behaviour.
If this occurs again, I am going to reconfigure the GW SIM in the IP GW's. Since IP GW's route the calls, I am thinking that there may be a bad configuration issue here. This is going to be the next area for look out.
Thoughts?
Thanks guys
Amish

ASA 5550 failover configuration

Similar Messages

Maybe you are looking for