If you are running in Active/Active mode and have a shared interface, the rule of thumb is to enable mac-address auto in the system context. Alternatively, you will have to manually assign distinct MAC addresses to the redundant interface in the individual contexts. This will ensure the ASA classifier rules are satisfied.
If either of the above is not done, by default the redundant interface uses the physical MAC address of the first member interface (note: not the active member interface), if I remember right. So when you shut down one ASA, both contexts become active on the surviving ASA. Since the definition of the redundant interface is the same in both contexts, and they are now on the same device, the physical MAC address of the first member interface comes back in the ARP response. Hence the behavior you are seeing on R2.
Also, a good practice when using Active/Active mode is to set up failover groups X and Y and make one primary and the other secondary, with the pre-empt feature enabled. What this does is allow you redundancy as well as load balancing. Once the other device comes up, switchover for load balancing happens automatically.
- R Shenai
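The settings described in the reply above, as an added configuration sketch that is not part of the original post. The context names (ctxA, ctxB), the interface name Redundant1 and the MAC values are constructed for illustration, and the fragment omits the rest of the context and failover setup.

```cisco
! --- System execution space ---
! Option 1: let the ASA generate a unique MAC address for every shared
! interface in every context, so the classifier can tell them apart.
mac-address auto

! Two failover groups, each preferring a different unit, with preempt so
! the preferred unit takes its group back when it returns to service.
failover group 1
  primary
  preempt
failover group 2
  secondary
  preempt

! Hypothetical contexts sharing the same redundant interface,
! one per failover group.
context ctxA
  allocate-interface Redundant1
  join-failover-group 1
context ctxB
  allocate-interface Redundant1
  join-failover-group 2

! --- Option 2 (instead of mac-address auto): inside each context ---
! Assign distinct active/standby MAC addresses by hand.
! Constructed, locally administered values.
!
! In context ctxA:
interface Redundant1
  mac-address 0200.0000.0a01 standby 0200.0000.0a02
!
! In context ctxB:
interface Redundant1
  mac-address 0200.0000.0b01 standby 0200.0000.0b02
```

After applying either option, `show interface` inside each context should report a different MAC address for the shared interface, and the ARP entry on the adjacent router should differ per context IP.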
