Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Admin Context access to two 5540 firewalls working as Active-Active

i have two firewalls configured as an Active-Active, i created two contexts plus the admin context in each firewall.

as in the failover, one unit is acting as a Primary unit, and the other unit is acting as Secondary. so the primary unit is responsible for Running-Conf replication to the secondary one.

My Problem is:

the primary unit synchronize all the running configuration to the secondary, including the Admin Context configuration ( IP address.......).

i use the admin context for the management access to each firewall, so by this the two firewalls have the same IP address. which result of access problem to the secondary firewall.

i have to use the admin context for the management; because the management interface is used for the failover.


Re: Admin Context access to two 5540 firewalls working as Active

Hi Mahmoud,

You'll want to configure your IP addresses with the 'standby' keyword. This way, the Secondary unit will use the standby IP address and you can access your devices on two different addresses. For each of your 'ip address' statements, simply add the 'standby' keyword to the end of it:

asa(config-if)# ip address standby

This configuration will then be replicated to the Secondary unit, which you will be able to access with the .

Also, the must be an unused address in the same subnet as the .

Here is a quick link to the Active/Active configuration example:

Hope that helps.