
In an [ASA](/asa) [high-availability](/asa-prerequisites-for-high-availability) arrangement, there are several options to choose from.  

In  the [Active/Standby failover setup](/cisco-asa-active-standby), the failover process can take several seconds to complete.  This is because it involves several steps such as health checks, stateful information transfer, and role switching, which can take some time. 

To potentially reduce failover time, you can adjust the failover poll time using the `failover polltime` command. However, setting this value too low may cause unnecessary failovers. Additionally, [Bidirectional Forwarding Detection (BFD)](/bidirectional-forwarding-detection-bfd) can improve failover times but is only supported on Firepower 9300 and 4100 models. Adjusting these parameters should be done cautiously to avoid unexpected results. For more detailed configurations, refer to the Cisco documentation on ASA failover.

To achieve zero downtime in the event of a failure, it is preferrable to configure [Active/Active failover](/cisco-asa-active-active).

The primary goal of failover is to provide a backup in case the primary system fails, and is not necessarily there to ensure zero downtime. However, using the above guidelines, it is possible to optomize the high availability setup to adhere to your needs.

Links:

https://forum.networklessons.com/t/802-1q-tunneling-q-in-q-configuration-example/1086/162?u=lagapidis

https://networklessons.com/switching/802-1q-tunneling-q-q-configuration-example/

ASA - Optimizing High Availability

802.11 EAPOL-Key Frames

AAA - RADIUS UDP Port

AAA - RADIUS vs TACACS+

AAA - Understanding aaa authorization exec Command in Cisco IOS

AAA - accounting start-stop and start-only

AAA - configuring a fallback method

AAA - radius-server host command deprecated

AAA start-stop and stop-only

ACI - Bridge Groups

ACL - Applying in a VRF environment

ACL - IPv6 implicit statements

ACL - NX-OS resequence command

ACL - Sequence Numbers

ACL - established keyword

ACL - operators

ACL - time-based access list on IOS-XR

ACL Logging

ACL editor

ACL log update threshold

ACL logging matched packets

ACL wildcard mask

ACLs Filtering Locally Generated Traffic

ARP - Local Proxy ARP

ARP - Message Header and Payload

ARP - Proxy ARP best practices

ARP - Static ARP entry for own IP address

ARP - determining the next hop MAC address

ARP - promiscuous mode

ARP - what is Proxy ARP

ARP table default timeout

ARP table

ASA - ASDM Cipher security levels

ASA - ASDM

ASA - AnyConnect Management VPN Tunnel

ASA - Clientless VPN

ASA - Crypto key size for Version 9.16

ASA - IKE proposal parameters

ASA - NAT translate_hits and untranslate_hits counters

ASA - RADIUS common password

ASA - Understanding NAT behavior with DMZ Subnet

ASA - Using FQDN in an ACL for VPN split tunnelling

ASA - VTI VPN and MSS

ASA - crypto hardware processing

ASA - emulating an ASA device

ASA - multiple AnyConnect packages

ASA - multiple VPNs between the same endpoints

ASA - number of crypto maps per interface

ASA - object group protocol vs service

ASA - same-security-traffic command

ASA - split-tunnel-policy command

ASA - using FQDN in an ACL

ASA CTM ipsec poll ctl DU_IOCTL_RESUME_POLL ioctl failed error

ASA Contexts operate as separate virtual devices

ASA DDoS protection

ASA DMZ

ASA ECMP static routing

ASA Manual NAT and Auto NAT

ASA NAT control

ASA NAT port forwarding multiple ports to same IP

ASA NAT with DHCP assigned IP address on the  outside interface

ASA NAT with multiple inside subnets

ASA Site-to-Site IKEv1 IPSec VPN recv errors

ASA Static one to one NAT on a range of addresses

ASA Troubleshoot HTTP and ASDM access

ASA VPN with overlapping IP address spaces

ASA active-standby failover preemption

ASA and Firepower reimaging

ASA crypto map and tunnel group preshared keys

ASA group policies

ASA implicit rule

ASA limit CLI and ASDM access to specific users

ASA packet processing algorithm

ASA prerequisites for high availability

ASA redirect IP SLA messages to log buffer

ASA redundant interface

ASA security levels

ASA syslog logging in multiple context mode

ASA to Firepower migration

ASA troubleshooting IPSec

ASA tunnel-group

ASA understanding version numbers

ASA what triggers an active-standby failover

ASA won't respond to pings from different subnet

Anycast

Automation - Ansible connection plugins

BFD - Control Plane Independent (CPI) bit

BFD - intervals and timers

BFD - slow-timers

BFD - with multiple routing protocols

BFD echo mode and operation details

BFD how an administrative change differs from a failure

BFD one-arm echo

BGP - 4-byte ASN Backward Compatibility

BGP - AFI and SAFI

BGP - AS_Path filtering use cases