SlideShare una empresa de Scribd logo

Cisco ASA Active/Active Failover Configuration Guide

Descargar como DOCX, PDF
IT Tech
IT Tech

The document describes how to configure active/active failover on Cisco ASA firewalls. Key steps include: 1) Configuring both ASA devices in multiple context mode. 2) Creating failover groups and assigning contexts to each group. 3) Configuring failover and stateful failover interfaces on each device. 4) Assigning IP addresses to interfaces in each context. This allows both devices to remain active and share the load, improving firewall throughput and availability.

Tecnología
1 de 8
Cisco ASA Active/Active Failover Configuration The Cisco ASA failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. In case of Active/active configuration both Units carry traffic. For creating active/active Failover, configuring both ASA devices in Multiple context mode is required. For ASA redundancy scenario the two devices must be the same models, must have the same number and type of interfaces and the same license is required. ASA 5505 and 5510 do not support active/active failover without license upgrade. For active/active configuration, Failover Contexts and Failover groups need to be created. The Failover group is then applied to Primary or Secondary physical ASA unit. After this, the particular Failover group is applied to a Context. For example, primary unit is active ASA of Failover group1, but Secondary unit is Standby ASA of Failover group1. If primary ASA is out of order, Secondary ASA will become Active of Failover group1. For explaining Active/Active Failover configuration in details, let’s do the following LAB. HTTP://WWW.ROUTER-SWITCH.COM/
Click on the image above for larger size diagram Configuration !Switch both ASA devices to multiple context mode. asa(config)#mode multiple !When ASAs are reloaded, connect them to each other with Ge0/2 and Ge0/3 ports. First start with the Primary Unit configuration. Before starting configuration, all interfaces must be in the up state. !enable LAN Failover. asa(config)#failover lan enable !set this unit as primary. asa(config)#failover lan unit primary HTTP://WWW.ROUTER-SWITCH.COM/
Determine Failover and State interfaces. These two interfaces can be the same physical interface if you don’t need to consume one extra port. In our example here we use two separate physical interfaces. In this article, the “failover” (interface name for GigabitEthernet0/2) is used as a failover interface. !Define Failover Interface asa(config)#failover lan interface failover Ge0/2 !assign IP address on Failover Interface. MUST be in same Subnet as the standby on the other unit. asa(config)#failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2 In this documentation, the “state” (interface name for GigabitEthernet0/3) is used as a state interface. !Definestateful Failover interface asa(config)#failover link state Ge0/3 !assign IP address on Stateful Failover interface asa(config)#failover interface ip state 192.168.4.1 255.255.255.0 standby 192.168.4.2 !Create Failover groups, where Failover group1 will be the Primary, i.e. active on Primary Unit and Failover group2 will be the Standby on Primary Unit. Configure also HTTP Replication, after which occurs HTTP Connection state replication between active and Standby ASAs. Also determine Preempt Delay. Preempt Delay means in what time to regain role of Active after Fail Recovery. asa(config)#failover group 1 asa(config-fover-group)#primary asa(config-fover-group)#preempt 120 asa(config-fover-group)# replication http asa(config)#failover group 2 asa(config-fover-group)#secondary asa(config-fover-group)#preempt 120 asa(config-fover-group)# replication http Now let’s start creating Contexts and assigning interfaces in each Context. !Configure the admin context asa(config)# admin-context admin HTTP://WWW.ROUTER-SWITCH.COM/
asa(config)# context admin asa(config-ctx)# allocate-interface Management0/0 asa(config-ctx)# config-url disk0:/admin.cfg !configure the Sub-interfaces interface GigabitEthernet0/0.10 vlan 10 interface GigabitEthernet0/0.11 vlan 11 interface GigabitEthernet0/1.20 vlan 20 interface GigabitEthernet0/1.21 vlan 21 ! Configure the contexts asa(config)# context c1 asa(config-ctx)# allocate-interface gigabitethernet0/0.10 asa(config-ctx)# allocate-interface gigabitethernet0/1.20 asa(config-ctx)# config-url disk0:/c1.cfg asa(config)# context c2 asa(config-ctx)# allocate-interface gigabitethernet0/0.11 asa(config-ctx)# allocate-interface gigabitethernet0/1.21 asa(config-ctx)# config-url disk0:/c2.cfg !Snap each Context to Failover Groups. If we don’t indicate Contexts to Failover Groups, each context will be in Group1 by default. asa(config)# context c1 asa(config-ctx)# join-failover-group 1 asa(config)# context c2 asa(config-ctx)# join-failover-group 2 !Configure IP addresses on Context1. asa#changeto context c1 asa/c1# show running-config interface ! interface GigabitEthernet0/0.10 nameif outside security-level 0 ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2 ! interface GigabitEthernet0/1.20 nameif inside security-level 100 HTTP://WWW.ROUTER-SWITCH.COM/
ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2 !Configure IP addresses on Context2. asa#changeto context c2 asa/c2# show running-config interface ! interface GigabitEthernet0/0.11 nameif outside security-level 0 ip address 192.168.11.1 255.255.255.0 standby 192.168.11.2 ! interface GigabitEthernet0/1.21 nameif inside security-level 100 ip address 192.168.21.1 255.255.255.0 standby 192.168.21.2 ! Now let’s start Secondary Unit configuration. !Define Failover Interface asa(config)#failover lan interface failover Ge0/2 !assign IP address on Failover Interface. MUST be in same Subnet as other unit. asa(config)#failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2 !enable LAN Failover. asa(config)#failover lan enable !set this unit as secondary asa(config)#failover lan unit secondary With the above piece of configuration commands everything is completed and now let’s start checking. Verification: !verify Primary UNIT asa# show failover Failover On Failover unit Primary Failover LAN Interface: failover GigabitEthernet0/2 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 HTTP://WWW.ROUTER-SWITCH.COM/
Monitored Interfaces 4 of 250 maximum Version: Ours 8.2(1), Mate 8.2(1) Group 1 last failover at: 05:12:14 tbilisi Dec 7 2010 Group 2 last failover at: 10:13:04 tbilisi Oct 24 2010 This host: Primary Group 1 State: Active Active time: 14536379 (sec) Group 2 State: Standby Ready Active time: 0 (sec) slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.1): Normal c1 Interface inside (192.168.20.1): Normal c2 Interface outside (192.168.11.1): Normal c2 Interface inside (192.168.21.1): Normal slot 1: empty Other host: Secondary Group 1 State: Standby Ready Active time: 1104 (sec) Group 2 State: Active Active time: 14537266 (sec) slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.2): Normal c1 Interface inside (192.168.20.2): Normal c2 Interface outside (192.168.11.2): Normal c2 Interface inside (192.168.22.2): Normal slot 1: empty Stateful Failover Logical Update Statistics Link : state GigabitEthernet0/3.2 (up) StatefulObj xmit xerr rcv rerr General 2405585244 0 75798262 188 sys cmd 1938317 0 1938317 0 up time 0 0 0 0 RPC services 0 0 0 0 TCP conn 1241561564 0 43443406 91 UDP conn 1157379296 0 28582971 84 ARP tbl 3799402 0 1833568 13 Xlate_Timeout 0 0 0 0 SIP Session 906665 0 0 0 Logical Update Queue Information Cur Max Total HTTP://WWW.ROUTER-SWITCH.COM/
Recv Q: 0 49 90335543 Xmit Q: 0 7 2405585244 !verify Secondary unit ASA# show failover Failover On Failover unit Secondary Failover LAN Interface: failover GigabitEthernet0/2 Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 4 of 250 maximum Version: Ours 8.2(1), Mate 8.2(1) Group 1 last failover at: 05:12:14 tbilisi Dec 7 2010 Group 2 last failover at: 10:13:03 tbilisi Oct 24 2010 This host: Secondary Group 1 State: Standby Ready Active time: 1104 (sec) Group 2 State: Active Active time: 14537372 (sec) slot 0: ASA5540 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.2): Normal c1 Interface inside (192.168.20.2): Normal c2 Interface outside (192.168.11.2): Normal c2 Interface inside (192.168.21.2): Normal slot 1: empty Other host: Primary Group 1 State: Active Active time: 14536486 (sec) Group 2 State: Standby Ready Active time: 0 (sec) slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.1): Normal c1 Interface inside (192.168.20.1): Normal c2 Interface outside (192.168.11.1): Normal c2 Interface inside (192.168.21.1): Normal slot 1: empty Stateful Failover Logical Update Statistics HTTP://WWW.ROUTER-SWITCH.COM/
Link : state GigabitEthernet0/3.2 (up) StatefulObj xmit xerr rcv rerr General 111758344 0 1089580597 1046 sys cmd 1938331 0 1938331 0 up time 0 0 0 0 RPC services 0 0 0 0 TCP conn 73801356 0 581933209 113 UDP conn 34185062 0 501003000 886 ARP tbl 1833595 0 3799403 36 Xlate_Timeout 0 0 0 0 SIP Session 0 0 906654 11 Logical Update Queue Information Cur Max Total Recv Q: 0 7 1104118240 Xmit Q: 0 1 111758344 As we observed from above, active/active Failover is working and everything is as expected. More Related Cisco and Networking Tips: How to Configure Dual ISP on Cisco ASA 5505? How to Configure a Cisco ASA 5540 for Video Conferencing for Polycom Device? New Cisco ASA Clustering Feature Enables 320 Gbps Firewall HTTP://WWW.ROUTER-SWITCH.COM/

Recomendados

Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallKHNOG
 
ASA Failover
ASA FailoverASA Failover
ASA FailoverNetProtocol Xpert
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logicAlberto Rivai
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1Aruba, a Hewlett Packard Enterprise company
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna MohamedJafar5
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheetEng. Emad Al-Atoum
 
Chassis Cluster Configuration
Chassis Cluster ConfigurationChassis Cluster Configuration
Chassis Cluster ConfigurationKashif Latif
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 

Recomendados

Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallKHNOG
 
ASA Failover
ASA FailoverASA Failover
ASA FailoverNetProtocol Xpert
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logicAlberto Rivai
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1Aruba, a Hewlett Packard Enterprise company
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna MohamedJafar5
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheetEng. Emad Al-Atoum
 
Chassis Cluster Configuration
Chassis Cluster ConfigurationChassis Cluster Configuration
Chassis Cluster ConfigurationKashif Latif
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLANAruba, a Hewlett Packard Enterprise company
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingAruba, a Hewlett Packard Enterprise company
 
Ospf
OspfOspf
OspfJoshua Fonseca
 
WLAN Design for Location, Voice & Video
WLAN Design for Location, Voice & VideoWLAN Design for Location, Voice & Video
WLAN Design for Location, Voice & VideoAruba, a Hewlett Packard Enterprise company
 
CCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part ICCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part IAmir Jafari
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cmeYves Jean Louis
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingAruba, a Hewlett Packard Enterprise company
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSDay 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSanilinvns
 
Airwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguideAirwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguideAruba, a Hewlett Packard Enterprise company
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaPavel Odintsov
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instructionMostafa El Lathy
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
IPv6
IPv6IPv6
IPv6Peter R. Egli
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba, a Hewlett Packard Enterprise company
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 
PROYECTO VLANS
PROYECTO VLANSPROYECTO VLANS
PROYECTO VLANSrubendavidsuarez
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba, a Hewlett Packard Enterprise company
 

Más contenido relacionado

La actualidad más candente

CCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part ICCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part IAmir Jafari
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cmeYves Jean Louis
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSDay 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSanilinvns
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaPavel Odintsov
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instructionMostafa El Lathy
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 

La actualidad más candente (20)

Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
 
Ospf
OspfOspf
Ospf
 
WLAN Design for Location, Voice & Video
WLAN Design for Location, Voice & VideoWLAN Design for Location, Voice & Video
WLAN Design for Location, Voice & Video
 
CCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part ICCNA Lab 1-Configuring a Switch Part I
CCNA Lab 1-Configuring a Switch Part I
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
 
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSDay 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
 
Airwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguideAirwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguide
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner Maia
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
 
6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOS
 
IPv6
IPv6IPv6
IPv6
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
 

Similar a Cisco ASA Active/Active Failover Configuration Guide

CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMHamesKellor
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configurationsamreenghauri786
 
Important cisco-chow-commands
Important cisco-chow-commandsImportant cisco-chow-commands
Important cisco-chow-commandsssusere31b5c
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructionstrayyoo
 
Exercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ questionExercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ questionsufi1248
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdfssusercbaa33
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated newAmolDhoke3
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
Ccna lab manual 640 802
Ccna lab manual 640 802Ccna lab manual 640 802
Ccna lab manual 640 802manikkan
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02A.S.M Shmimul Islam.
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornmentAsif
 

Similar a Cisco ASA Active/Active Failover Configuration Guide (20)

PROYECTO VLANS
PROYECTO VLANSPROYECTO VLANS
PROYECTO VLANS
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configuration
 
Important cisco-chow-commands
Important cisco-chow-commandsImportant cisco-chow-commands
Important cisco-chow-commands
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
 
Exercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ questionExercise 4c stp rapid pvst+ question
Exercise 4c stp rapid pvst+ question
 
portfolio2
portfolio2portfolio2
portfolio2
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated new
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relay
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
Session 2
Session 2Session 2
Session 2
 
Ccna lab manual 640 802
Ccna lab manual 640 802Ccna lab manual 640 802
Ccna lab manual 640 802
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp uk
 
Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornment
 
Day 13.1..1 catalyst switch
Day 13.1..1 catalyst switchDay 13.1..1 catalyst switch
Day 13.1..1 catalyst switch
 
Stu t17 a
Stu t17 aStu t17 a
Stu t17 a
 
3 2
3 23 2
3 2
 

Más de IT Tech

Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setupIT Tech
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideIT Tech
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideIT Tech
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideIT Tech
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faqIT Tech
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesIT Tech
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresIT Tech
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solutionIT Tech
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesIT Tech
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesIT Tech
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesIT Tech
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellIT Tech
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000IT Tech
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexIT Tech
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesIT Tech
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesIT Tech
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration exampleIT Tech
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700IT Tech
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration optionsIT Tech
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement modelIT Tech
 

Más de IT Tech (20)

Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setup
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guide
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guide
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guide
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faq
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switches
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi features
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solution
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switches
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switches
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modes
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fex
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches series
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 series
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration example
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration options
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement model
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Cisco ASA Active/Active Failover Configuration Guide

  • 1. Cisco ASA Active/Active Failover Configuration The Cisco ASA failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. In case of Active/active configuration both Units carry traffic. For creating active/active Failover, configuring both ASA devices in Multiple context mode is required. For ASA redundancy scenario the two devices must be the same models, must have the same number and type of interfaces and the same license is required. ASA 5505 and 5510 do not support active/active failover without license upgrade. For active/active configuration, Failover Contexts and Failover groups need to be created. The Failover group is then applied to Primary or Secondary physical ASA unit. After this, the particular Failover group is applied to a Context. For example, primary unit is active ASA of Failover group1, but Secondary unit is Standby ASA of Failover group1. If primary ASA is out of order, Secondary ASA will become Active of Failover group1. For explaining Active/Active Failover configuration in details, let’s do the following LAB. HTTP://WWW.ROUTER-SWITCH.COM/
  • 2. Click on the image above for larger size diagram Configuration !Switch both ASA devices to multiple context mode. asa(config)#mode multiple !When ASAs are reloaded, connect them to each other with Ge0/2 and Ge0/3 ports. First start with the Primary Unit configuration. Before starting configuration, all interfaces must be in the up state. !enable LAN Failover. asa(config)#failover lan enable !set this unit as primary. asa(config)#failover lan unit primary HTTP://WWW.ROUTER-SWITCH.COM/
  • 3. Determine Failover and State interfaces. These two interfaces can be the same physical interface if you don’t need to consume one extra port. In our example here we use two separate physical interfaces. In this article, the “failover” (interface name for GigabitEthernet0/2) is used as a failover interface. !Define Failover Interface asa(config)#failover lan interface failover Ge0/2 !assign IP address on Failover Interface. MUST be in same Subnet as the standby on the other unit. asa(config)#failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2 In this documentation, the “state” (interface name for GigabitEthernet0/3) is used as a state interface. !Definestateful Failover interface asa(config)#failover link state Ge0/3 !assign IP address on Stateful Failover interface asa(config)#failover interface ip state 192.168.4.1 255.255.255.0 standby 192.168.4.2 !Create Failover groups, where Failover group1 will be the Primary, i.e. active on Primary Unit and Failover group2 will be the Standby on Primary Unit. Configure also HTTP Replication, after which occurs HTTP Connection state replication between active and Standby ASAs. Also determine Preempt Delay. Preempt Delay means in what time to regain role of Active after Fail Recovery. asa(config)#failover group 1 asa(config-fover-group)#primary asa(config-fover-group)#preempt 120 asa(config-fover-group)# replication http asa(config)#failover group 2 asa(config-fover-group)#secondary asa(config-fover-group)#preempt 120 asa(config-fover-group)# replication http Now let’s start creating Contexts and assigning interfaces in each Context. !Configure the admin context asa(config)# admin-context admin HTTP://WWW.ROUTER-SWITCH.COM/
  • 4. asa(config)# context admin asa(config-ctx)# allocate-interface Management0/0 asa(config-ctx)# config-url disk0:/admin.cfg !configure the Sub-interfaces interface GigabitEthernet0/0.10 vlan 10 interface GigabitEthernet0/0.11 vlan 11 interface GigabitEthernet0/1.20 vlan 20 interface GigabitEthernet0/1.21 vlan 21 ! Configure the contexts asa(config)# context c1 asa(config-ctx)# allocate-interface gigabitethernet0/0.10 asa(config-ctx)# allocate-interface gigabitethernet0/1.20 asa(config-ctx)# config-url disk0:/c1.cfg asa(config)# context c2 asa(config-ctx)# allocate-interface gigabitethernet0/0.11 asa(config-ctx)# allocate-interface gigabitethernet0/1.21 asa(config-ctx)# config-url disk0:/c2.cfg !Snap each Context to Failover Groups. If we don’t indicate Contexts to Failover Groups, each context will be in Group1 by default. asa(config)# context c1 asa(config-ctx)# join-failover-group 1 asa(config)# context c2 asa(config-ctx)# join-failover-group 2 !Configure IP addresses on Context1. asa#changeto context c1 asa/c1# show running-config interface ! interface GigabitEthernet0/0.10 nameif outside security-level 0 ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2 ! interface GigabitEthernet0/1.20 nameif inside security-level 100 HTTP://WWW.ROUTER-SWITCH.COM/
  • 5. ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2 !Configure IP addresses on Context2. asa#changeto context c2 asa/c2# show running-config interface ! interface GigabitEthernet0/0.11 nameif outside security-level 0 ip address 192.168.11.1 255.255.255.0 standby 192.168.11.2 ! interface GigabitEthernet0/1.21 nameif inside security-level 100 ip address 192.168.21.1 255.255.255.0 standby 192.168.21.2 ! Now let’s start Secondary Unit configuration. !Define Failover Interface asa(config)#failover lan interface failover Ge0/2 !assign IP address on Failover Interface. MUST be in same Subnet as other unit. asa(config)#failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2 !enable LAN Failover. asa(config)#failover lan enable !set this unit as secondary asa(config)#failover lan unit secondary With the above piece of configuration commands everything is completed and now let’s start checking. Verification: !verify Primary UNIT asa# show failover Failover On Failover unit Primary Failover LAN Interface: failover GigabitEthernet0/2 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 HTTP://WWW.ROUTER-SWITCH.COM/
  • 6. Monitored Interfaces 4 of 250 maximum Version: Ours 8.2(1), Mate 8.2(1) Group 1 last failover at: 05:12:14 tbilisi Dec 7 2010 Group 2 last failover at: 10:13:04 tbilisi Oct 24 2010 This host: Primary Group 1 State: Active Active time: 14536379 (sec) Group 2 State: Standby Ready Active time: 0 (sec) slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.1): Normal c1 Interface inside (192.168.20.1): Normal c2 Interface outside (192.168.11.1): Normal c2 Interface inside (192.168.21.1): Normal slot 1: empty Other host: Secondary Group 1 State: Standby Ready Active time: 1104 (sec) Group 2 State: Active Active time: 14537266 (sec) slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.2): Normal c1 Interface inside (192.168.20.2): Normal c2 Interface outside (192.168.11.2): Normal c2 Interface inside (192.168.22.2): Normal slot 1: empty Stateful Failover Logical Update Statistics Link : state GigabitEthernet0/3.2 (up) StatefulObj xmit xerr rcv rerr General 2405585244 0 75798262 188 sys cmd 1938317 0 1938317 0 up time 0 0 0 0 RPC services 0 0 0 0 TCP conn 1241561564 0 43443406 91 UDP conn 1157379296 0 28582971 84 ARP tbl 3799402 0 1833568 13 Xlate_Timeout 0 0 0 0 SIP Session 906665 0 0 0 Logical Update Queue Information Cur Max Total HTTP://WWW.ROUTER-SWITCH.COM/
  • 7. Recv Q: 0 49 90335543 Xmit Q: 0 7 2405585244 !verify Secondary unit ASA# show failover Failover On Failover unit Secondary Failover LAN Interface: failover GigabitEthernet0/2 Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 4 of 250 maximum Version: Ours 8.2(1), Mate 8.2(1) Group 1 last failover at: 05:12:14 tbilisi Dec 7 2010 Group 2 last failover at: 10:13:03 tbilisi Oct 24 2010 This host: Secondary Group 1 State: Standby Ready Active time: 1104 (sec) Group 2 State: Active Active time: 14537372 (sec) slot 0: ASA5540 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.2): Normal c1 Interface inside (192.168.20.2): Normal c2 Interface outside (192.168.11.2): Normal c2 Interface inside (192.168.21.2): Normal slot 1: empty Other host: Primary Group 1 State: Active Active time: 14536486 (sec) Group 2 State: Standby Ready Active time: 0 (sec) slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys) c1 Interface outside (192.168.10.1): Normal c1 Interface inside (192.168.20.1): Normal c2 Interface outside (192.168.11.1): Normal c2 Interface inside (192.168.21.1): Normal slot 1: empty Stateful Failover Logical Update Statistics HTTP://WWW.ROUTER-SWITCH.COM/
  • 8. Link : state GigabitEthernet0/3.2 (up) StatefulObj xmit xerr rcv rerr General 111758344 0 1089580597 1046 sys cmd 1938331 0 1938331 0 up time 0 0 0 0 RPC services 0 0 0 0 TCP conn 73801356 0 581933209 113 UDP conn 34185062 0 501003000 886 ARP tbl 1833595 0 3799403 36 Xlate_Timeout 0 0 0 0 SIP Session 0 0 906654 11 Logical Update Queue Information Cur Max Total Recv Q: 0 7 1104118240 Xmit Q: 0 1 111758344 As we observed from above, active/active Failover is working and everything is as expected. More Related Cisco and Networking Tips: How to Configure Dual ISP on Cisco ASA 5505? How to Configure a Cisco ASA 5540 for Video Conferencing for Polycom Device? New Cisco ASA Clustering Feature Enables 320 Gbps Firewall HTTP://WWW.ROUTER-SWITCH.COM/