Active/Active or Active/Standby, that is the question

Unanswered Question
Jan 28th, 2010
User Badges:

Hello!

Which command I can understand if two Cisco ASA are configured at Active/Active or Active/Standby?
Following extract the output of the command show version:


Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100      
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 2        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2        

This platform has an ASA 5510 Security Plus license.


Let me know!

Thank you,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Thu, 01/28/2010 - 09:47
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hello!

Which command I can understand if two Cisco ASA are configured at Active/Active or Active/Standby?
Following extract the output of the command show version:


Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100      
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 2        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2        

This platform has an ASA 5510 Security Plus license.


Let me know!

Thank you,

Hi,


Show version will tell about appropriate running software license in firewall.


show failover state command will tell about the actual state of the firewall it is primary or standby.


Hope to help !!


If helpful do rate


Ganesh.H

Paolo Bratti Thu, 01/28/2010 - 23:38
User Badges:

Hi,

Following the output of the command show failover state:


CiscoASA# show failover state

               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         Ifc Failure              10:09:01 Italy Jan 27 2010
                              dmz: Failed
Other host -   Secondary
               Standby Ready  Ifc Failure              15:18:36 Italy Jul 21 2009
                              dmz: Failed

====Configuration State===
    Sync Done
    Sync Done - STANDBY
====Communication State===
    Mac set

CiscoASA#


so, this firewall is configured at Active/Active mode or Active/Standby mode?

Thank you,

Ganesh Hariharan Fri, 01/29/2010 - 00:26
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi,

Following the output of the command show failover state:


CiscoASA# show failover state

               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         Ifc Failure              10:09:01 Italy Jan 27 2010
                              dmz: Failed
Other host -   Secondary
               Standby Ready  Ifc Failure              15:18:36 Italy Jul 21 2009
                              dmz: Failed

====Configuration State===
    Sync Done
    Sync Done - STANDBY
====Communication State===
    Mac set

CiscoASA#


so, this firewall is configured at Active/Active mode or Active/Standby mode?

Thank you,



Hi,


The above output  says the configuration is for Active/Standby mode for Active/Active mode you will groups assigned to firewall which will act as active for specific group and stanby for specific.


the below output will be for active/active sample configuration in failover


PIX1(config-subif)#show failover
Failover On
Cable status: N/A - LAN-based failover enabled
Failover unit Primary
Failover LAN Interface: LANFailover Ethernet3 (up)
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 7.2(2), Mate 7.2(2)
Group 1 last failover at: 06:12:45 UTC Apr 16 2007
Group 2 last failover at: 06:12:43 UTC Apr 16 2007


  This host:    Primary
  Group 1       State:          Active
                Active time:    359610 (sec)
  Group 2       State:          Standby Ready
                Active time:    3165 (sec)


                  context1 Interface inside (192.168.1.1): Normal
                  context1 Interface outside (172.16.1.1): Normal
                  context2 Interface inside (192.168.2.2): Normal
                  context2 Interface outside (172.16.2.2): Normal


  Other host:   Secondary
  Group 1       State:          Standby Ready
                Active time:    0 (sec)
  Group 2       State:          Active
                Active time:    3900 (sec)


                  context1 Interface inside (192.168.1.2): Normal
                  context1 Interface outside (172.16.1.2): Normal
                  context2 Interface inside (192.168.2.1): Normal
                  context2 Interface outside (172.16.2.1): Normal



Hope that clear out your query !!


If helpful do rate


Ganesh.H

Actions

This Discussion

Related Content