Asr-group feature in active/standby mode

Hi ,
I would like to know if anyone had used asr-group freature in active/standby mode. Is it not recommended by cisco for active/standby mode ? The feature works in both environment.
Thanks in advance
Tomy

Hi Tomy,
The asr-group feature on the ASA is only supported in Active/Active failover:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_active_active.html#wp1271955
-Mike

Similar Messages

  • How to tell if Active/active or Active/Standby mode is configured?

    Folks:
    I am still learning the output of my running config, but how do I tell if my firewall is set to Actve/Active or Active/Standby mode?
    In addition, how do I tell if it uses regular or stateful failover mode?
    Thank you

    I wanted to provide this as well, since I found it and it also helped me answering my question.
    This output shows Active/Active failover output.
    **Note** it says PIX; however, I beleive it will be the same output for ASA.
    PIX1(config-subif)#show failover
    Failover On
    Cable status: N/A - LAN-based failover enabled
    Failover unit Primary
    Failover LAN Interface: LANFailover Ethernet3 (up)
    Unit Poll frequency 15 seconds, holdtime 45 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 4 of 250 maximum
    Version: Ours 7.2(2), Mate 7.2(2)
    Group 1 last failover at: 06:12:45 UTC Apr 16 2007
    Group 2 last failover at: 06:12:43 UTC Apr 16 2007
      This host:    Primary
      Group 1       State:          Active
                    Active time:    359610 (sec)
      Group 2       State:          Standby Ready
                    Active time:    3165 (sec)
                      context1 Interface inside (192.168.1.1): Normal
                      context1 Interface outside (172.16.1.1): Normal
                      context2 Interface inside (192.168.2.2): Normal
                      context2 Interface outside (172.16.2.2): Normal
      Other host:   Secondary
      Group 1       State:          Standby Ready
                    Active time:    0 (sec)
      Group 2       State:          Active
                    Active time:    3900 (sec)
                      context1 Interface inside (192.168.1.2): Normal
                      context1 Interface outside (172.16.1.2): Normal
                      context2 Interface inside (192.168.2.1): Normal
                      context2 Interface outside (172.16.2.1): Normal

  • Single AIP-SSM in Cisco ASA Failover Active / Standby Mode

    Hi,
    I can add single AIP-SSM on Cisco ASA in failover active / standby mode?

    No, both units need the same hardware, that includes the installed modules.
    Sent from Cisco Technical Support iPad App

  • Stop/start in PGW active/standby mode

    Hi all
    My VOIP Network has 2 PGW in active/standby mode. But when we add more telco, the state of ss7path is OOS. i must stop/start the PGW and ss7path is IS status.
    Now PGW is running services. it processing many call with other telco.
    i have question need to support.
    When we stop/start PGW,has PGW disconnected all call or not?
    Thank for supporting
    PhaiLQ

    If you restart the service on active pgw, calls are disconnected. If you don't want out of services you must pass the control to the standby server first.
    From mml console of active server use the command:
    rtrv-ne    to check the status, the output is:
        MGC-01 - Media Gateway Controller 2010-09-07 16:53:42.655 MEST
    M  RTRV
       "Type:MGC"
       "Hardware platform:sun4u sparc SUNW,Sun-Fire-V240"
       "Vendor:"Cisco Systems, Inc.""
       "Location:MGC-01 - Media Gateway Controller"
       "Version:"9.6(1)""
       "Platform State:ACTIVE" 
    sw-over::confirm to swich control to standby server
    now restart the service
    /etc/init.d/CiscoMGC stop
    /etc/init.d/CiscoMGC start
    P.S. If I remember the right way, the OOS (out of service) state of new ss7 path can be set in IS (in service) via mml command line without service restart.
    set- your ss7 path ::IS   use tab for help
    Regards.

  • Calendar entries in Active Standby mode

    A double question, but both are closely related.
    In Active Standby mode it shows upcoming calendar entries for today and future ones.
    Q1) Can someone clarfify does it only show 1 entry for future events, since I have placed 2 entries for tomorrow and 1 for the day after. But only 1 (the first) appears in Active Standby.
    Q2) I THINK IS A BUG!! It does not show Anniversary as future events in Active Standby. It only appears when it is on the day (bit late if you need to buy a present!).
    Any comments
    Andrew
    Device: N70
    Version: V 2.0536.0.2 12-09-05 RM-84

    I think this is by design. Not quite sure what the basis is of what is included and what is not. Items from the current day seem to show up in greater numbers than in future days.
    All About Symbian - News, reviews and software for S60 phones.

  • E5-00 Active Standby Mode

    I have a Nokia E5
    I have tried to experiment with the Modes function, whereby you can have one profile for business and another for personal.
    The first time I went into Modes (from the control panel), I was asked to go into "Active Standby Mode", which I did.   Now everything has changed and I am not sure whether I like it.
    Is it possible to get back to how I was before - i.e. before I went into Active Standby Modes ?

    Hi,
    No unfortunately the only way of doing this will be from the app shortcuts. There is to my knowledge no way of doing this automatically. Might be there is an ext. developed app that I do not know of.
    BR, PerLs

  • 6288 - Active Standby Mode menu lost

    Hello,
    The Active Standby Mode menu has disappear from
    Menu-Settings-Standby Mode Settings.
    I can't access this setting any more.
    My firmware version is 6.10.
    Thanks for any advices.
    JeromeMessage Edited by hidje on 21-Jul-200707:37 AM

    I have the same problem. I don't know if I'll use that option but is annoing that I can't activate it. I have software version 6.10 and in display-standby option first submenu is wallpaper (not active standby setting).
    Does anyone fixed this BUG?

  • ASA Active/Standby mode and Hello messages

    Hi Everyone,
    On ASA  Active/Standby mode  i know thatsay inside or any other interface of active and standby ASA should connect to same switch and vlan.
    When we assign say ip address to inside interface of both ASA like
    ip address 192.168.x.1 255.255.255.0 standby 192.168.x.2 255.255.255.0
    Need to know if these inside interface talk to each other or not?
    Do they send hello messages?
    Thanks
    MAhesh

    Hi Mahesh,
    The ASA Active/Standby Failover pair uses both the dedicated Failover interface and the actual Data interfaces to monitor the "health" of the Failover pair.
    The units send Failover hello messages and wait for a reply to determine if the other unit is alive or not.
    By default all Physical interfaces are automatically monitored. To my understanding Logical interfaces such as Trunk interfaces are NOT monitored by default. You will have to configure monitoring for each subinterface of the Trunk that you want to be monitored.
    You would use the command
    monitor-interface
    Check the Command Reference section for this
    http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/m.html#wp2123112
    I would also suggest reading the following section of the Configuration Guide
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1079010
    It has information of the Unit and Interface health monitoring of the Failover pair.
    If you want to debug Failover activity you could use the command
    debug fover
    It has multiple additional parameter after that command
    Here is the Command Reference section for the debug command
    http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d1.html#wp2093011
    You can even attach a computer on the switch between the ASAs and capture the packets between them an you can see the Failover messages etc from the ASAs
    - Jouni

  • Step to prep CSC SSM on ASA Active/Standby mode

    Hi all, 
    I am trying to setup Active/Standby HA mode for my site.
    Currently the site was installed with one unit ASA firewall with CSC-SSM module, the second unit is the new unit ready to be setup.
    My question:
    01. My concern is second unit CSC-SSM, what is the proper procedure or step need to prep it?
    Is it need to prep the CSC-SSM before the ASA in HA mode Or it will auto propagate the configuration when both unit in HA mode?
    What else need to concern? am i need to setup different IP for the CSC-SSM management interface?
    Thanks
    Noel

    Hello Yong,
    Configuration related to the CSC or SSM modules will never get propagated so you will basically need to configure it manually.
    Also it's not like if the Config on both modules is different failover will fail but ofcourse you wanna have the same one
    IP addresses for each of the modules will be dedicated ones. Remember that failover will fail if one box has the CSC and the other not.
    Looking for some Networking Assistance? 
    Contact me directly at [email protected]
    I will fix your problem ASAP.
    Cheers,
    Julio Carvajal Segura
    http://laguiadelnetworking.com

  • E61i Active Standby Mode

    Does anyone have any idea if I can get the icons on my phone to show at the bottom of the screen instead of the top.

    It's not possible without the use of an alternative desktop.
    With the built in one your only choices are to have them at the top or not have them at all.
    You might want to look at this program as it's an alternative desktop that allows you to change it's layout:
    http://www.symbian-freak.com/news/008/02/gdesk_beta_for_s60_3rd_ed.htm

  • Active/Standby And failover link configuration mode

    Hi everyone,
    When config failover  link of ASA  in Active Standby mode.
    When we config failover int say gi0/1
    config t
    int gi0/1
    failover lan int gi0/1
    Need to confirm we do this from interface config mode  only or we can do this from global config also ????????
    Whe we assign IP to this int we do that from global config mode ????
    Regards
    Mahesh
    Message was edited by: mahesh parmar
    Message was edited by: mahesh parmar

    Hi,
    Actually the ASA lets you insert a lot of command what ever mode you are under.
    In the output you posted is a very important thing to notice
    configure mode commands/options:
      WORD  Specify the interface name
    As you can see, the output lists only one option and before that it mentions that this is a "configure mode" command
    So even if you entered the command under the interface configuration mode, it would still be entered as a global/configure command mode.
    Take the following thing for example
    I want to check what configuration options I have with the command "failover"
    So I enter the following to my ASA
    ASA(config)# failover ?
    configure mode commands/options:
      interface              Configure the IP address to be used for failover and/or
                                  stateful update information
      interface-policy    Set the policy for failover due to interface failures
      key                       Configure the failover shared secret or key
      lan                       Specify the unit as primary or secondary or configure the
                                   interface and vlan to be used for failover communication
      mac                      Specify the virtual mac address for a dynamic interface
      polltime                Configure failover poll interval
      timeout                 Specify the failover reconnect timeout value for
                                   asymmetrically routed sessions
    exec mode commands/options:
      active          Make this system to be the active unit of the failover pair
      exec            Execute command on the designated unit
      reload-standby  Force standby unit to reboot
      reset           Force a unit or failover group to an unfailed state
    As you can see, the ASA tells us that there are different additional command parameters after the "failover" command that can be used. Some of them can be used either in Exec or Configuration mode.
    - Jouni

  • ASA 8.2 8.4 9.1 possible with no downtime as we run active/standby?

    Hello,
    We have 2 x ASA 5520s (with 2GB mem) in active/standby mode, they also include the IPS modules.
    The current firmware is 8.2 and I was wondering if it is possible to upgrade these firewalls with no downtimes?  In the past I have upgraded the standby ASA, rebooted it and then made it the active ASA then upgraded the new standby ASA.
    I have have quite a lot of NAT Exempts (No-NATs?) and a few static NATs, how did you approach this during your upgrades?
    I guess I can roll back as the 8.2 firmware will still be on the flash and I will have the config?
    Thanks

    Yeah it's supported:
    Release Notes for the Cisco ASA Series, 9.1(x)
    http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp732442
    This document has the information that you need; it talks about the requirements and zero downtime procedure.
    But you need to take a lot of considerations that you can reference in the document:
    https://supportforums.cisco.com/docs/DOC-12690
    If you don't mind me asking why are you upgrading?
    Because of a fix or feature?

  • Best practice for ASA Active/Standby failover

    Hi,
    I have configured a pair of Cisco ASA in Active/ Standby mode (see attached). What can be done to allow traffic to go from R1 to R2 via ASA2 when ASA1 inside or outside interface is down?
    Currently this happens only when ASA1 is down (shutdown). Is there any recommended best practice for such network redundancy?  Thanks in advanced!

    Hi Vibhor,
    I test ping from R1 to R2 and ping drop when I shutdown either inside (g1) or outside (g0) interface of the Active ASA. Below is the ASA 'show' failover' and 'show run',
    ASSA1# conf t
    ASSA1(config)# int g1
    ASSA1(config-if)# shut
    ASSA1(config-if)# show failover
    Failover On
    Failover unit Primary
    Failover LAN Interface: FAILOVER GigabitEthernet2 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 3 of 60 maximum
    Version: Ours 8.4(2), Mate 8.4(2)
    Last Failover at: 14:20:00 SGT Nov 18 2014
            This host: Primary - Active
                    Active time: 7862 (sec)
                      Interface outside (100.100.100.1): Normal (Monitored)
                      Interface inside (192.168.1.1): Link Down (Monitored)
                      Interface mgmt (10.101.50.100): Normal (Waiting)
            Other host: Secondary - Standby Ready
                    Active time: 0 (sec)
                      Interface outside (100.100.100.2): Normal (Monitored)
                      Interface inside (192.168.1.2): Link Down (Monitored)
                      Interface mgmt (0.0.0.0): Normal (Waiting)
    Stateful Failover Logical Update Statistics
            Link : FAILOVER GigabitEthernet2 (up)
            Stateful Obj    xmit       xerr       rcv        rerr
            General         1053       0          1045       0
            sys cmd         1045       0          1045       0
            up time         0          0          0          0
            RPC services    0          0          0          0
            TCP conn        0          0          0          0
            UDP conn        0          0          0          0
            ARP tbl         2          0          0          0
            Xlate_Timeout   0          0          0          0
            IPv6 ND tbl     0          0          0          0
            VPN IKEv1 SA    0          0          0          0
            VPN IKEv1 P2    0          0          0          0
            VPN IKEv2 SA    0          0          0          0
            VPN IKEv2 P2    0          0          0          0
            VPN CTCP upd    0          0          0          0
            VPN SDI upd     0          0          0          0
            VPN DHCP upd    0          0          0          0
            SIP Session     0          0          0          0
            Route Session   5          0          0          0
            User-Identity   1          0          0          0
            Logical Update Queue Information
                            Cur     Max     Total
            Recv Q:         0       9       1045
            Xmit Q:         0       30      10226
    ASSA1(config-if)#
    ASSA1# sh run
    : Saved
    ASA Version 8.4(2)
    hostname ASSA1
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface GigabitEthernet0
     nameif outside
     security-level 0
     ip address 100.100.100.1 255.255.255.0 standby 100.100.100.2
     ospf message-digest-key 20 md5 *****
     ospf authentication message-digest
    interface GigabitEthernet1
     nameif inside
     security-level 100
     ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
     ospf message-digest-key 20 md5 *****
     ospf authentication message-digest
    interface GigabitEthernet2
     description LAN/STATE Failover Interface
    interface GigabitEthernet3
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet4
     nameif mgmt
     security-level 0
     ip address 10.101.50.100 255.255.255.0
    interface GigabitEthernet5
     shutdown
     no nameif
     no security-level
     no ip address
    ftp mode passive
    clock timezone SGT 8
    access-list OUTSIDE_ACCESS_IN extended permit icmp any any
    pager lines 24
    logging timestamp
    logging console debugging
    logging monitor debugging
    mtu outside 1500
    mtu inside 1500
    mtu mgmt 1500
    failover
    failover lan unit primary
    failover lan interface FAILOVER GigabitEthernet2
    failover link FAILOVER GigabitEthernet2
    failover interface ip FAILOVER 192.168.99.1 255.255.255.0 standby 192.168.99.2
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-715-100.bin
    no asdm history enable
    arp timeout 14400
    access-group OUTSIDE_ACCESS_IN in interface outside
    router ospf 10
     network 100.100.100.0 255.255.255.0 area 1
     network 192.168.1.0 255.255.255.0 area 0
     area 0 authentication message-digest
     area 1 authentication message-digest
     log-adj-changes
     default-information originate always
    route outside 0.0.0.0 0.0.0.0 100.100.100.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 10.101.50.0 255.255.255.0 mgmt
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh 10.101.50.0 255.255.255.0 mgmt
    ssh timeout 5
    console timeout 0
    tls-proxy maximum-session 10000
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted
    prompt hostname context
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    crashinfo save disable
    Cryptochecksum:fafd8a885033aeac12a2f682260f57e9
    : end
    ASSA1#

  • Nokia 7373 - Adding active standby content not in ...

    Hi,
    I just bought a Nokia 7373 which I find to be quite cool ! One of the features I like is the ability to display the calendar in the active standby mode. However it only displays calendar appointments, but not todo list entries or any other customizable option.
    Is there any way that I can show also the todo list in the active standby mode ?
    Cheers,
    Joel

    There is no way to show also the todo list in the active standby mode.
    You could add To-do to the shortcuts (top line in active standby) to get faster access to to-do items.

  • Active-Standby -Client-Site VPN

    Dear Experts.
    We have Cisco two ASA 5550 which is configured in Active-Standby mode but client-site VPN is not working when secondary unit becomes active. Failover status is showing as " Secondary Active" when primary unit is active all client-site VPN connections are working fine. Both ASA's has 7.2(3) IOS image and DES, 3DES/AES license enables.
    We are getting following error messages
    IPSEC: Deleted outbound permit rule, SPI 0xBFA351A9
    Rule ID: 0x059C3060
    IPSEC: Deleted outbound VPN context, SPI 0xBFA351A9
    VPN handle: 0x00227DFC
    Jan 09 13:23:52 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Removing peer from peer table failed, no match!
    Jan 09 13:23:52 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Error: Unable to remove PeerTblEntry
    Please advise

    One of the things that I have seen that can cause symptoms like this is to not have some files in flash of the backup ASA. In particular I suggest that you check for files related to the client VPN. So get the output of show flash from the primary ASA and from the backup ASA and compare them.
    HTH
    Rick

Maybe you are looking for

  • Write Message in Job Log from FM

    Hi everyone, I´m having an issue trying to find the way to write a message in job log. I´ve read a lot of solutions but I can't find anyone that describes how to do it from a function module. What i'm saying is that all the answers focus on reports a

  • Time Machine will not backup to my external Hard Drive even though it works on another Mac

    I have a WD My Book Studio Edition II that backs up perfectly fine on my iMac 2008 ,but when it comes to my Mac Pro 2001 it just comes up with a "Calculating size..." Message that goes on forever.

  • Web reference WSDL not conforming to SOAP standard

    I built a web service based on the BAPI_FLIGHT_GETLIST function module using the "create web service" wizard. The generated web service endpoint is active in SOAMANAGER transaction. When I try to generate a proxy class in Visual Studio 2005 using the

  • Compact RIO and LabVIEW run time

    Dear All, Good Morning. We are developing a new experimental setup which will have different components, such as mass spectrometer, pressure transducers, valves and thermocouples, RTDs. We are currently having LabVIEW 8.6 Run time. We would like to c

  • Applet not displaying in IE but working well by  jbuilder

    I m trying to open applet in IE but it is not displaying but it is working well when i run it through jbuilder ....in IE it give these exception in java consol java.lang.ArrayIndexOutOfBoundsException: -1      at PicMsgComposer.setModels(PicMsgCompos