Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Active-Active Failover when different contexts monitor different interfaces

I'm trying to understand the relationship between failover groups and contexts, however it appears that the configuration is split in an way that I am having trouble understanding.

 

The interfaces that you actually monitor are configured PER CONTEXT e.g.

ciscoasa/ConextA(config)# monitor-interface inside

But the number of interfaces that need to fail for failover to take place is done PER FAILOVER GROUP e.g.

ciscoasa(config)# failover group 1

ciscoasa(config-fover-group)# interface-policy 1

(from the system context)

 

If my laptop could take it, I would spin up a test environment in GNS3, but I think the best way to ask the question is to give an example. What would happen in the following setup:

 

OPTION 1

 

OPTION 2

 

Thanks in advance smiley

  • Firewalling
Everyone's tags (3)
1 REPLY
VIP Green

You would never have a

You would never have a scenario where, as you put it, the Admin context would monitor Gi0 and ContextB also monitor Gi0.  This is because you need to assign the interface to a specific context and once it is assigned to one context it can not also be assigned to another...unless you have configured subinterfaces, then those subinterfaces can be split up and assigned to seperate contexts.  But one interface or one subinterface can not be assigned to more than one context.

Now, if you have failover groups configured and an interface on one failover group dies, then only the context that the interface belongs to will failover to the standby failover group.

The following is a good article to have a read through on the Active/Active failover functions:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91336-pix-activeactive-config.html

--

Please remember to rate and select a correct answer

-- Please remember to rate and select a correct answer
66
Views
0
Helpful
1
Replies
This widget could not be displayed.