Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

5510 Wan Failover

Hi -

I recently purchased 2 ASA 5510's. I also have two ISP connections. How do i configure the two devices to perform WAN failover for each other? I have read the documents online but the active/active failover document seems to apply only to LAN based failover, not WAN based. Thanks.



Re: 5510 Wan Failover

LAN based means that the exchange of information between two ASAs will be done through the LAN, (instead of the old failover cable, available only for PIX).

Community Member

Re: 5510 Wan Failover

sorry - yes, you are absolutely right on. let me clarify my question - I have 2 isp's. if i configure the 2 ASA's according to the cisco docs (active/active failover) with 2 security context - if ISP1 goes down, then the security context using ISP1 will also go down because the standby IP is also using the same ISP - which is exactly what i don't want.


Re: 5510 Wan Failover

You can install, ISP1 in the two contexts of ASA1 and ISP2 in the two contexts of ASA2.

Leave context1 active in ASA1 and standby in the ASA2 and vice-versa. So If One ISP goes down the context will go down on that ASA but will be active in the other one.

Some more things to consider. Why would you still use this context if the ISP is down?

Other very important thing, usually when ISP connection goes down it's not the directly connected ASAs interface, so, for ASA the "ISP" will be always UP, will goes down only if it's ethernet port goes down.

I trully recomend you using a router to the ISP redundancy, with router protocol or RTR.

CreatePlease to create content