
Admin Context access to two 5540 firewalls working as Active-Active

mahmoud.yasin

I have two firewalls configured as Active-Active. I created two contexts plus the admin context in each firewall.

As in the failover, one unit is acting as the Primary unit, and the other unit is acting as Secondary. So the primary unit is responsible for running-config replication to the secondary one.

My problem is:

The primary unit synchronizes all the running configuration to the secondary, including the admin context configuration (IP address, ...).

I use the admin context for management access to each firewall, so the two firewalls have the same IP address, which results in an access problem to the secondary firewall.

I have to use the admin context for management, because the management interface is used for the failover.


Hi Mahmoud,

You'll want to configure your IP addresses with the 'standby' keyword. This way, the Secondary unit will use the standby IP address and you can access your devices on two different addresses. For each of your 'ip address' statements, simply add the 'standby' keyword to the end of it:

asa(config-if)# ip address standby

This configuration will then be replicated to the Secondary unit, which you will be able to access with the .

Also, the must be an unused address in the same subnet as the .

Here is a quick link to the Active/Active configuration example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml

Hope that helps.

-Mike
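
A check for the standby-address requirement described in the reply above, as an added example that is not part of the original post or of Cisco's documentation: it scans ASA-style `ip address <address> <mask> [standby <address>]` lines and flags interfaces that have no standby address, or one that duplicates the active address or falls outside its subnet. The sample configuration, interface names and addresses are constructed, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample config (documentation address ranges, not from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif mgmt
 ip address 192.0.2.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
!
interface GigabitEthernet0/2
 nameif dmz
 ip address 203.0.113.1 255.255.255.0 standby 198.51.100.9
"""

# Static addressing only; lines such as "ip address dhcp" do not match.
IP_LINE = re.compile(
    r"^\s*ip address (?P<ip>[\d.]+) (?P<mask>[\d.]+)(?: standby (?P<standby>[\d.]+))?\s*$"
)

def audit_standby(config: str) -> list[tuple[str, str]]:
    """Return (interface, problem) pairs for ip address lines that would
    leave the standby unit without its own reachable address."""
    findings = []
    interface = "<unknown>"
    for line in config.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
            continue
        m = IP_LINE.match(line)
        if not m:
            continue
        network = ipaddress.ip_network(f"{m['ip']}/{m['mask']}", strict=False)
        if m["standby"] is None:
            findings.append((interface, "no standby address"))
            continue
        standby = ipaddress.ip_address(m["standby"])
        if standby == ipaddress.ip_address(m["ip"]):
            findings.append((interface, "standby equals active address"))
        elif standby not in network:
            findings.append((interface, f"standby {standby} outside {network}"))
    return findings

if __name__ == "__main__":
    print(audit_standby(SAMPLE_CONFIG))
```

Whether the standby address is actually unused on the segment cannot be determined from the configuration alone and still has to be checked against the address plan.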
