I think I found my answer. Should have read the docs thoroughly first:

http://www.cisco.com/en/US/partner/docs/security/asa/asa80/configuration/guide/ip.html#wp1090528

Seems like the standby unit cannot get dynamic routes until a failover occurs. There is a section labelled "Dynamic Routing and Failover":

Dynamic routes are not replicated to the standby unit or failover group in a failover configuration. Therefore, immediately after a failover occurs, some packets received by the security appliance may be dropped because of a lack of routing information or routed to a default static route while the routing table is repopulated by the configured dynamic routing protocols.
_____

From: [email protected] [mailto:[email protected]] On Behalf Of Shawn H Mesiatowsky
Sent: Thursday, August 06, 2009 10:39 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Dynamic Routing and ASA Failover

I have configured an HA pair for 2 ASA devices. They are currently running OSPF. However, I noticed the standby does not participate in OSPF until it becomes active. This means that when the firewall fails over, the new active firewall does not contain any routes (except for statics, which are replicated from the active firewall) until OSPF converges. Is there a way to have the secondary unit also participate in OSPF so the routing table is complete when a failover occurs?

Thanks for your help
