Configuring active-active failover on Cisco ASA 5520

Unanswered Question
Aug 31st, 2008

Hi everyone,

I have two Cisco ASA 5520s with an active/active failover license and need to configure them as an active/active pair.

I changed both firewalls to multiple context mode and configured the primary firewall in the admin context.

I would like to know one thing:

If I have only one context, how can I configure the firewalls in Active/Active mode?

Dileep


Even if you technically are only using one context for your access-list rules, etc., there will be the other contexts:

system - contains the allocate-interface commands, which assign fw interfaces or vlans to virtual firewalls

admin - used to administer the firewall or as the first context for access-list rules

context1 - contains server and workstation access-list entries, such as email, www, citrix, etc.

So when you say you are only using one context the others still exist.

-Joe

Dileep Sivadas ... Mon, 09/01/2008 - 20:23

Yes, Joe, that's true.

But I have another issue: when I enable active/active failover on both firewalls, the replication between them takes place and my dynamic NAT entries work fine, but the static NAT entries fail. Could you please tell me what the problem could be and how to troubleshoot this?

Dileep

Marwan ALshawi Mon, 09/01/2008 - 21:04

Try to do

clear xlate

clear conn

or reload

Sometimes this causes problems in applying the NATing and NAT policies, if you have them as well.

By the way, if you have one context you can't run active/active practically,

because active/active runs in an active/standby way, but for multiple contexts: you make one firewall active for this context and standby for the other context, and on the other firewall the same idea.

If helpful, rate.
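Added example, not from any poster in this thread: a system execution space configuration for the arrangement the replies above describe, with the admin context in failover group 1 (active on the primary unit) and context1 in failover group 2 (active on the secondary unit). Interface names, IP addresses and config-url paths are assumed values.

```cisco
! System execution space on the primary unit (multiple context mode).
! Assumed: physical interfaces and subinterfaces are already defined and enabled.
! Interface names, IP addresses and config-url paths are assumed values.
failover lan unit primary
failover lan interface folink GigabitEthernet0/2
failover link statelink GigabitEthernet0/3
failover interface ip folink 192.168.254.1 255.255.255.0 standby 192.168.254.2
failover interface ip statelink 192.168.253.1 255.255.255.0 standby 192.168.253.2
!
! Group 1 prefers the primary unit, group 2 prefers the secondary unit.
! With preempt, each group returns to its preferred unit when that unit is available.
failover group 1
  primary
  preempt
failover group 2
  secondary
  preempt
!
admin-context admin
context admin
  allocate-interface GigabitEthernet0/0.10
  allocate-interface GigabitEthernet0/1.10
  config-url disk0:/admin.cfg
  join-failover-group 1
!
context context1
  allocate-interface GigabitEthernet0/0.20
  allocate-interface GigabitEthernet0/1.20
  config-url disk0:/context1.cfg
  join-failover-group 2
!
! Enable failover last, then check the per-group active/standby state
! on each unit with: show failover
failover
```

The secondary unit needs only the failover link commands with `failover lan unit secondary`; the groups and contexts replicate from the primary once failover is enabled.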
