Admin Context access to two 5540 firewalls working as Active-Active

Unanswered Question

I have two firewalls configured as Active-Active. I created two contexts plus the admin context in each firewall.

As in failover, one unit is acting as the Primary unit, and the other unit is acting as the Secondary, so the primary unit is responsible for running-config replication to the secondary one.

My problem is:

The primary unit synchronizes all the running configuration to the secondary, including the admin context configuration (IP address...).

I use the admin context for management access to each firewall, so the two firewalls have the same IP address, which results in an access problem to the secondary firewall.

I have to use the admin context for management, because the management interface is used for the failover.

robertson.michael Sat, 01/24/2009 - 07:41

Hi Mahmoud,

You'll want to configure your IP addresses with the 'standby' keyword. This way, the Secondary unit will use the standby IP address and you can access your devices on two different addresses. For each of your 'ip address' statements, simply add the 'standby' keyword to the end of it:

asa(config-if)# ip address standby

This configuration will then be replicated to the Secondary unit, which you will be able to access with the .

Also, the must be an unused address in the same subnet as the .

Here is a quick link to the Active/Active configuration example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml

Hope that helps.

-Mike
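An added illustration of the reply above, not part of the original post or of Cisco's configuration example: the admin context management interface before and after adding a standby address, followed by the commands that confirm which address each unit answers on. The interface name, `nameif`, and the 192.0.2.0/24 addresses are constructed placeholders.

```cisco
! Run on the unit where the admin context's failover group is active.
! All names and addresses below are constructed for illustration.
changeto context admin
configure terminal

! Before: no standby address. The replicated config gives both units
! 192.0.2.10, so only the active unit is reachable for management.
interface GigabitEthernet0/2
 nameif mgmt
 security-level 100
 ip address 192.0.2.10 255.255.255.0

! After: the unit where this context is active answers on 192.0.2.10,
! the unit where it is standby answers on 192.0.2.11.
! The standby address must be unused and in the same subnet.
interface GigabitEthernet0/2
 ip address 192.0.2.10 255.255.255.0 standby 192.0.2.11
end

! The active unit replicates the change; no manual copy to the peer is needed.
! Verify on each unit:
show ip address
show failover
```

The two addresses follow the active and standby roles, not the physical chassis: after a failover the former standby unit takes over 192.0.2.10. Management ACLs, SSH allow-lists, and monitoring targets should therefore include both addresses.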
