With active/standby failover, what happens if the standby Cisco ASA does not receive three
consecutive hello messages from the active Cisco ASA on the LAN failover interface?
A.
The standby ASA immediately becomes the active ASA.
B.
The standby ASA eventually becomes the active ASA after three times the hold-down timer
interval expires.
C.
The standby ASA runs network activity tests, including ARP and ping, to determine if the active
ASA has failed.
D.
The standby ASA sends additional hellos packets on all monitored interfaces, including the LAN
failover interface, to determine if the active ASA has failed.
E.
Both ASAs go to the “unknown” state until the LAN interface becomes operational again.
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html
Unit Health Monitoring The ASA determines the health of the other unit by monitoring the failover
link. When a unit does not receive three consecutive hello messages on the failover link, the unit
sends interface hello messages on each interface, including the failover interface, to validate
whether or not the peer interface is responsive. The action that the ASA takes depends upon the
response from the other unit. See the following possible actions:
•If the ASA receives a response on the failover interface, then it does not fail over.
•If the ASA does not receive a response on the failover link, but it does receive a response on
another interface, then the unit does not failover. The failover link is marked as failed. You should
restore the failover link as soon as possible because the unit cannot fail over to the standby while
the failover link is down.
•If the ASA does not receive a response on any interface, then the standby unit switches to active
mode and classifies the other unit as failed.