Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
0
Helpful
1
Replies

asa failover

Go to solution
lkadlik
Level 1
Level 1

‎08-05-2010 09:34 AM - edited ‎03-04-2019 09:19 AM

Hi,

I have just taken over the manangement of this.  From what i understand failover has never been tested but the config looks right. I was hoping someone could take a look and confirm my thought.

interface GigabitEthernet0/0
nameif External-AN
security-level 0
ip address xx.xx.xx.xx  255.255.255.192 standby xx.xx.xx.xx
interface GigabitEthernet0/1
description LAN/STATE Failover Interface
!
interface GigabitEthernet0/2
nameif Internal-Subnet20
security-level 100
ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2
!
interface GigabitEthernet0/3
nameif Internal-Subnet5
security-level 100
ip address 192.168.5.1 255.255.255.0 standby 192.168.5.2

fw1# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
failover replication http
Version: Ours 8.2(1), Mate 8.2(1)
Last Failover at: 04:56:27 EDT May 3 2010
        This host: Secondary - Active
                Active time: 8043993 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface External-AN (xx.xx.xx.xx): Normal
                  Interface Internal-Subnet20 (192.168.20.1): Normal
                  Interface Internal-Subnet5 (192.168.5.1): Normal
                  Interface management (0.0.0.0): Link Down (Not-Monitored)
                slot 1: empty
        Other host: Primary - Standby Ready
                Active time: 0 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface External-AN (xx.xx.xx.xx): Normal
                  Interface Internal-Subnet20 (192.168.20.2): Normal
                  Interface Internal-Subnet5 (192.168.5.2): Normal
                  Interface management (0.0.0.0): Normal (Not-Monitored)
                slot 1: empty

Stateful Failover Logical Update Statistics
        Link : failover GigabitEthernet0/1 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         36833939   0          3541299    3
        sys cmd         1278322    0          1278322    0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        20760464   0          759190     1
        UDP conn        12738239   0          1267238    2
        ARP tbl         2048444    0          236063     0
        Xlate_Timeout   0          0          0          0
        VPN IKE upd     1756       0          154        0
        VPN IPSEC upd   6684       0          332        0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     30         0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       17      7292769
        Xmit Q:         0       883     64098245


fw1# sh failover interface
        interface failover GigabitEthernet0/1
                System IP Address: 10.10.10.1 255.255.255.252
                My IP Address    : 10.10.10.2
                Other IP Address : 10.10.10.1

failover lan unit secondary
failover lan interface failover GigabitEthernet0/1
failover replication http
failover link failover GigabitEthernet0/1
failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2


============================================================================

primary (currently not active)

fw1# sh fail
fw1# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
failover replication http
Version: Ours 8.2(1), Mate 8.2(1)
Last Failover at: 12:16:06 EDT May 3 2010
        This host: Primary - Standby Ready
                Active time: 0 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface External-AN (xx.xx.xx.xx): Normal
                  Interface Internal-Subnet20 (192.168.20.2): Normal
                  Interface Internal-Subnet5 (192.168.5.2): Normal
                  Interface management (0.0.0.0): Link Down (Not-Monitored)
                slot 1: empty
        Other host: Secondary - Active
                Active time: 8044637 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.2(1)) status (Up Sys)
                  Interface External-AN (xx.xx.xx.xx): Normal
                  Interface Internal-Subnet20 (192.168.20.1): Normal
                  Interface Internal-Subnet5 (192.168.5.1): Normal
                  Interface management (0.0.0.0): Normal (Not-Monitored)
                slot 1: empty

Stateful Failover Logical Update Statistics
        Link : failover GigabitEthernet0/1 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         1072438    0          27627703   266
        sys cmd         1072438    0          1072438    0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          15031811   213
        UDP conn        0          0          9467080    53
        ARP tbl         0          0          2048569    0
        Xlate_Timeout   0          0          0          0
        VPN IKE upd     0          0          1756       0
        VPN IPSEC upd   0          0          6019       0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          30         0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       30      54896706
        Xmit Q:         0       1       1072438
fw1#


fw1# sh failover interface
        interface failover GigabitEthernet0/1
                System IP Address: 10.10.10.1 255.255.255.252
                My IP Address    : 10.10.10.1
                Other IP Address : 10.10.10.2

firewall conf


failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/1
failover replication http
failover link failover GigabitEthernet0/1
failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-05-2010 09:38 AM

Yes, looks fine to me and failover must have worked at least once as the active firewall is now the standby.

One point though, when posting configs, outputs from devices if they contain public IPs can you blank them out eg. xx.xx.xx.xx

Jon

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-05-2010 09:38 AM

Yes, looks fine to me and failover must have worked at least once as the active firewall is now the standby.

One point though, when posting configs, outputs from devices if they contain public IPs can you blank them out eg. xx.xx.xx.xx

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card