The interface health monitoring only takes 1/2 of the holdtime. The criteria of Unit health monitoring, is not receiving three consecutive hellos.
Snippet from http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1042444 Unit Health Monitoring The security appliance determines the health of the other unit by monitoring the failover link. When a unit does not receive three consecutive hello messages on the failover link, the unit sends interface hello messages on each interface, including the failover interface, to validate whether or not the peer interface is responsive. The action that the security appliance takes depends upon the response from the other unit. See the following possible actions: •If the security appliance receives a response on the failover interface, then it does not fail over. •If the security appliance does not receive a response on the failover link, but receives a response on another interface, then the unit does not failover. The failover link is marked as failed. You should restore the failover link as soon as possible because the unit cannot fail over to the standby while the failover link is down. •If the security appliance does not receive a response on any interface, then the standby unit switches to active mode and classifies the other unit as failed. Interface Monitoring You can monitor up to 250 interfaces divided between all contexts. You should monitor important interfaces, for example, you might configure one context to monitor a shared interface (because the interface is shared, all contexts benefit from the monitoring). When a unit does not receive hello messages on a monitored interface for half of the configured hold time, it runs the following tests: With regards Kings On Mon, Apr 30, 2012 at 10:58 PM, Mike Rojas <[email protected]> wrote: > Hi, > > I have a couple of questions just starting lab 13 of IPexpert, In regards > of the failover Unit poll time, it says configure to be half of the > default. The solution says that the default is 1 second, which I tend to > differ: > > Unit Poll frequency 15 seconds, holdtime 45 seconds > Interface Poll frequency 5 seconds, holdtime 25 seconds > > On the solution, what he modifies is the Unit poll time. > > Second, if you read the firewall for the interfaces configuration part, > the show command is incomplete. If you do a show interface | include|System > without being on the context itself, you care not going to see the output > as expected. As per the show command exhibit, it is being taken from the > ASA system context, otherwise, it would show (by default) hostname and > context name, which would rule out two different configuration questions, 1 > That the device is indeed in multiple context and second, the names of the > contexts to be configured. > > Is this how the do the questions on the Lab? > > Mike > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
