Cisco ASA 5505 Configuration Manual page 1199

Chapter 57 Information About High Availability
Table 57-2
is enabled.
Table 57-2
State Information Passed to Standby Unit
NAT translation table
TCP connection states
UDP connection states
The ARP table
The Layer 2 bridge table (when running in
transparent firewall mode)
The HTTP connection states (if HTTP replication
is enabled)
The ISAKMP and IPSec SA table
GTP PDP connection database
SIP signalling sessions
The following WebVPN features are not supported with Stateful Failover:
Smart Tunnels
•
Port Forwarding
•
Plugins
•
Java Applets
•
• IPv6 clientless or Anyconnect sessions
• Citrix authentication (Citrix users must reauthenticate after failover)
If failover occurs during an active Cisco IP SoftPhone session, the call remains active because the call
Note
session state information is replicated to the standby unit. When the call is terminated, the IP SoftPhone
client loses connection with the Cisco CallManager. This occurs because there is no session information
for the CTIQBE hangup message on the standby unit. When the IP SoftPhone client does not receive a
response back from the Call Manager within a certain time period, it considers the CallManager
unreachable and unregisters itself.
For VPN failover, VPN end-users should not have to reauthenticate or reconnect the VPN session in the
event of a failover. However, applications operating over the VPN connection could lose packets during
the failover process and not recover from the packet loss.
OL-20339-01
list the state information that is and is not passed to the standby unit when Stateful Failover
State Information
Stateless (Regular) and Stateful Failover
State Information Not Passed to Standby Unit
The HTTP connection table (unless HTTP
replication is enabled).
The user authentication (uauth) table.
The routing tables. After a failover occurs, some
packets may be lost or routed out of the wrong
interface (the default route) while the dynamic
routing protocols rediscover routes.
State information for Security Service Modules.
DHCP server address leases.
Stateful Failover for phone proxy. When the
active unit goes down, the call fails, media stops
flowing, and the phone should unregister from the
failed unit and reregister with the active unit. The
call must be re-established.
—
—
—
Cisco ASA 5500 Series Configuration Guide using ASDM
57-7