08-31-2008 10:03 PM - edited 03-11-2019 06:38 AM
Hi everyone,
I have two Cisco ASA 5520 with active/active failover license and need to configure them as active/active pair.
Changed both firewalls to multiple context mode and configured primary firewall in admin context.
I would like to know one thing:
If I have only one context, how can I configure the firewalls in Active/Active mode?
Dileep
08-31-2008 10:47 PM
Even if you technically are only using one context for your access-list rules, etc., there will be the other contexts:
system - contains the allocate-interface commands, which assign fw interfaces or vlans to virtual firewalls
admin - used to administer the firewall or as the first context for access-list rules
context1 - contains server and workstation access-list entries, such as email, www, citrix, etc.
So when you say you are only using one context the others still exist.
-Joe
09-01-2008 08:23 PM
Yes, Joe, that's true.
But I have another issue: when I enable active/active failover on both firewalls, replication between them takes place and my dynamic NAT entries work fine, but the static NAT entries fail. Could you please tell me what the problem could be and how to troubleshoot this?
Dileep
09-01-2008 09:04 PM
Try to do:
clear xlate
clear conn
or reload
Sometimes this causes a problem in applying the NATing and NAT policies, if you have them as well.
By the way, if you have one context you can't run active/active practically,
because active/active runs in an active/standby way, but with multiple contexts you make one unit active for this context and standby for the other context, and on the other firewall the same idea.
If helpful, rate.
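The arrangement described in the last reply, as an added configuration sketch that is not from any poster in the thread: two failover groups, each active on a different unit, with the contexts split between them. The context name context1 comes from Joe's reply; the interface names, link names, addresses and key placeholder are constructed for illustration.

```text
! System execution space on the primary unit (constructed example).
! Interface names, link names and addresses are assumptions, not from the thread.
failover lan unit primary
failover lan interface folink GigabitEthernet0/2
failover link statelink GigabitEthernet0/3
failover interface ip folink 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover interface ip statelink 192.0.2.5 255.255.255.252 standby 192.0.2.6
! Authenticate and encrypt failover traffic between the units (placeholder value).
failover key <shared-secret>
!
! Group 1 prefers the primary unit, group 2 prefers the secondary unit.
failover group 1
  primary
  preempt
failover group 2
  secondary
  preempt
!
! The admin context and any unassigned context stay in failover group 1.
! Placing context1 in group 2 makes it active on the other unit.
context context1
  join-failover-group 2
!
failover
!
! Check which unit is active for each group:
!   show failover
```

With only the admin context in use, everything sits in failover group 1 and the pair behaves as active/standby, which is the point made in the reply above.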