There are a few problems that can trigger a failover: CSCts98806 Standby ASA 5585 Reporting Service Card Failure on Signature Update CSCtx92801 ASA: Failover due to data channel failure when making IPS config changes CSCud41702 IPS: After IPS config change, a false failover occurs with the ASA
Cisco has an enhancement to overcome these limitations: CSCsm81086 Allow user to exclude the status of the SSM or SSP from failover checks Regards, Antonio Soares, CCIE #18473 (R&S/SP) amsoa...@netcabo.pt http://www.ccie18473.net -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ryan West Sent: quinta-feira, 21 de Fevereiro de 2013 14:11 To: Scott Voll; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASA IPS Module SSM-20 in Failover Reboot Scott, On Thu, Feb 21, 2013 at 08:50:02, Scott Voll wrote: > Subject: [c-nsp] ASA IPS Module SSM-20 in Failover Reboot > > I just installed a couple SSM-20's in my ASA's. install was a little > less that I had hoped as the backup came online with the module and > the Primary didn't have the module yet. So we will just say we had a > little down time (ever so brief). > > my question now becomes, how do I reboot one of these modules without > the ASA failing over to the backup? I don't want to knock off all my > VPN users. > I think you need to treat it like a zero downtime upgrade. Fail over to the secondary firewall, reload the module on the old primary and fail back after state is synced up. You should not lose VPN authentications during a failover. IPsec RA, L2L, webvpn, and SVC sessions should stay intact between failovers. -ryan _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/