Sunday, December 13, 2015

ASA Active/Standby Failover Configuration

Unknown 8:58 AM 0

The fail-over configuration requires two identical security appliances connected to each other through a dedicated fail-over link and, optionally, a state full fail-over link. The health of the active interfaces and units is monitored to determine if specific fail-over conditions are met. If those conditions are met, fail-over occurs.

Active/Standby Fail-over lets you use a standby security appliance to take over the functionality of a failed unit. When the active unit fails, it changes to the standby state while the standby unit changes to the active state. The unit that becomes active assumes the IP addresses, or, for a transparent firewall, the management IP address, and MAC addresses of the failed unit and begins to pass traffic.

First you should have two identical ASAs with fail-over feature enabled. you can verify it by issuing following command. If not you have purchase a license.

#show version

Primary Firewall

1. Enable fail-over feature
FW01(config)#failover

2. Set FW as primary or secondary. FW01 configured as primary in given example.

FW01(config)#failover lan unit primary

3. Set the failover link which use to synchronize each other. Ge3 is configured as failover link and "failover-interface" is set as name of the interfaces in both FWs in given example.

FW01(config)#failover lan interface failover-interface GigabitEthernet3

4.Set failover interface primary and secondary ip addresses.

FW01(config)#failover interface ip failover-interface 10.200.190.17 255.255.255.252 standby 10.200.190.18

Secondary Firewall

1. Enable fail-over feature
FW02(config)#failover

2. Set FW as primary or secondary. FW02 configured as primary in given example.

FW02(config)#failover lan unit secondary

3. Set the failover link which use to synchronize each other. Ge3 is configured as failover link and "failover-interface" is set as name of the interfaces in both FWs in given example.

FW02(config)#failover lan interface failover-interface GigabitEthernet3

4.Set failover interface primary and secondary ip addresses.

FW02(config)#failover interface ip failover-interface 10.200.190.17 255.255.255.252 standby 10.200.190.18

Done!!! :)

You can verify the whether it is working properly or not by issuing following command.

FW01# show failover state

FW02# show failover state

Posted by Unknown at 8:58 AM

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Tweet
Share
Pin it
Comment

Labels:

active, asa, cisco, fail-over, failover, firewall, standby

About Unknown

author image

ASA Active/Standby Failover Configuration

ASA Active/Standby Failover Configuration

Reviewed by Unknown on 8:58 AM Rating: 5

No comments:

Post a Comment

Newer Post Older Post

About Me

Newsletter

Subscribe

Blogger Tips and Tricks

Latest Tips For Bloggers

Popular Posts

Network Devices Backup Automation with Rancid WebSVN and Ububtu

1. Become root, and install the Subversion Version Control System: In addition to Subversion we will specify to install telnet and the mutt ...
Primary, Extended and Logical Partitions in RedHat/CentOS 7

Primary Partition A primary partition is in which an Operating System can be installed. One MBR hard disk may contain a maximum of 4 prima...
VRRP and HSRP

The Virtual Router Redundancy Protocol ( VRRP ) is a computer networking protocol that provides for automatic assignment of available Int...
Five Active Directory policies you should know

How to create a group policy? 1. Go to "Server Manager" --> "Tools" --> "Group Policy Management" ...
ASA Active/Standby Failover Configuration

The fail-over configuration requires two identical security appliances connected to each other through a dedicated fail-over link and,...
Microsoft SQL(MSSQL) use all system memory.

Issue: MSSQL Server will consume as much memory as you will allow it. By default, that number would encompass 100% of your numerical...
BIND DNS Server Configuration on CentOS/Redhat 7(Caching Server)

BIND DNS is open source widely using DNS in the world. DNS (domain name system) converts machine name or url to the IP addresses and IP addr...
How to Shutdown, Restart, or Logoff a Remote Computer

This guide shows you how to use the shutdown command and its various switches to shutdown, restart, or log off local or remote computers f...
Ether Channel Configuration on Cisco Switches

E therChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of sev...
Windows Sever gets hang in "Preparing to configure Windows. Do not turn off your computer" state during the reboot.

Issue: You may experience that Windows server take long time to reboot after windows update. (approx 1 Hour wait). Ping was working fine, ...

Advertisement

Labels

Blog Archive

► 2016 (1)
- ► February (1)

▼ 2015 (8)
- ▼ December (1)
  - ASA Active/Standby Failover Configuration
- ► October (1)
- ► July (1)
- ► June (5)

► 2014 (3)
- ► October (1)
- ► September (2)

Copyright © 2014 by Sithila Madushanka. Powered by Blogger.

Pages

What's new
Cisco
Linux
Microsoft
Downloads

Followers

Labels

Follow Us

Created By Sora Templates & Blogger Templates | Distributed By Gooyaabi Templates