Wednesday, August 4, 2010

Cisco ASA Stateful Information During Failover


When stateful failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Supported end-user applications are not required to reconnect to keep the same communication session.

The state information passed to the standby unit includes the following:

The NAT translation table

The TCP connection states

The UDP connection states

The ARP table

The Layer 2 bridge table (when the unit runs in transparent firewall mode)

The HTTP connection states (if HTTP replication is enabled)

The ISAKMP and IPSec SA table

The GTP PDP connection database

The information that is not passed to the standby unit, even when stateful failover is enabled, includes the following:

The HTTP connection table (unless HTTP replication is enabled)

The user authentication (uauth) table

The routing tables

State information for security service modules
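
The two lists differ on HTTP only by one setting, so here is a configuration fragment that defines the stateful link and turns HTTP replication on. It is an added example, not part of the original post; it assumes basic LAN-based failover is already configured, and the link name `statelink`, the interface `GigabitEthernet0/3` and the 192.0.2.x addresses are placeholders.

```cisco
! Placeholders (assumptions): statelink, GigabitEthernet0/3, 192.0.2.0/30
!
! Bring up the physical interface used for the stateful link
interface GigabitEthernet0/3
 no shutdown
!
! Dedicated stateful failover link: the active unit sends the
! replicated state (NAT, TCP/UDP, ARP, ISAKMP/IPsec SA, ...) over it
failover link statelink GigabitEthernet0/3
failover interface ip statelink 192.0.2.1 255.255.255.252 standby 192.0.2.2
!
! Without this command, HTTP connection state is NOT replicated
! and HTTP sessions must be re-established after a failover
failover replication http
!
! From privileged EXEC mode, confirm the link is up and that the
! per-object stateful update counters are incrementing:
!   show failover
```

Enabling HTTP replication does not change the second list otherwise: the uauth table and routing tables are still not passed, so authenticated users must re-authenticate and routes must be relearned on the new active unit.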