Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1396
Views
0
Helpful
6
Replies

LAN Based ACtive/Standby Failiver on ciso ASA 5540

chetansharma
Level 1
Level 1

‎11-26-2009 10:19 AM - edited ‎03-11-2019 09:43 AM

HI,

Can we configure LAN based active/standby failover on cisco asa 5540. Firewall is in routed mode with single context and i want to use managment interface to configure failover.Please suggest and step to configure the failover.

Thank You

Chetan

Labels:
0 Helpful
6 Replies 6

Kent Heide
Level 1
Level 1

‎11-26-2009 10:33 AM

As per Cisco documentation, the use of the Management interface for failover is not recommended.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

You can also use that guide to learn how to configure the failover. Happy reading :-)

0 Helpful

Andy White
Level 3
Level 3

‎11-26-2009 01:42 PM

Hi,

Are you wishing to configure the Active/Standby via the Management port or monitor this interface as part of the failover?  If the latter then it's not recommended, the firewalls will changes roles should these interfaces change state, which you really don't want happening.  Let me know how you get on on the link provided in the other post, I have configure 2 ASA 5520 in Active/Standby mode and they work just great

0 Helpful

chetansharma
Level 1
Level 1
In response to Andy White

‎11-26-2009 08:08 PM

Hi,

Actually i dont have any more interface to configure failover , thats why i have to use managment interface to configure failover, my question is this can it work when firewall is in routed mode with single context mode,i want to configure stateful lan based active/standby failover.

From the above document my understanding says tht we can configure it, and actually i had configured it but when my active firewall goes down standby will take over but my application which are running in intranet and internet zones are not working.

The configuration of primary firewall replicates to the secondary when it goes down and i also confirmed these and and all the interfaces is up but my websites which are in dmz and inside zones are not working when primary firewall goes down.

0 Helpful

Andy White
Level 3
Level 3
In response to chetansharma

‎11-27-2009 01:11 AM

Can you post your configure for your interfaces and do a "sh failover" and post here please.

0 Helpful

chetansharma
Level 1
Level 1
In response to Andy White

‎11-27-2009 01:54 AM

Hi,

Please find attached configuration file.

Thank You

36210-config.txt.zip
0 Helpful

Andy White
Level 3
Level 3
In response to chetansharma

‎11-27-2009 08:57 AM

Your interfaces don't seem to have standby IP's, please post "sh run | i monitor" and post your ASA interfaces to see how you have configured them.

Rate if helpful

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card