cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2190
Views
12
Helpful
5
Replies

ASA 5585 - multi context clustering

brahim.zahoui
Level 1
Level 1

Good Morning,

 

   I have an one ASA 5585  in multi context mode ( 18 context present). I would like to add an other ASA to do a cluster.  I would to have an Actif/Passif cluster .

Do i have to change configuration on all contexts ?

If anybody can help me ...thanks in advance.

1 Accepted Solution

Accepted Solutions

Yes.

You have to do it per interface in each context.

In the system context you allocate interfaces only.

Then in each context you have to add standby ip to each interface. I havent found the option to add standby in ASDM, i always use CLI.

It is probably a bit more difficult when adding an asa to the production, then deploying a HA cluster from the start. If your interface address is the first one in the subnet, use the last one for standby to avoid confusion and keep the config uniform. Hopefully you have done good with your ip plan, and reserved first few addresses for infrastructure :)

View solution in original post

5 Replies 5

Mirza Cutuk
Level 1
Level 1

You need to add failover configuration in system on the present asa.

Then switch the new one to multi mode, and run the same failover conf in the system context.

Simple config :

failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/5
failover key *****
failover link Failover GigabitEthernet0/5
failover interface ip Failover 10.10.10.1 255.255.255.252 standby 10.10.10.2

The primary will replicate all configuration to secondary, and you are done.

Thanks Mirza,

 

Do i have to add "stanby" and find an IP for all interfaces (inside and outside , inlcude interfaces on each context ....) ?  or only  on the failover interface Gig 0/5

 

regards

Hi

As far as i know, you have to add a standby address for all physical and logical interfaces.

Active asa in the cluster always assumes the interface address, and the passive one assumes the standby one.

I am no ASA expert, but these are basics :)

Thanks.

 

Do i have to do  under each context ?????

 

 

Yes.

You have to do it per interface in each context.

In the system context you allocate interfaces only.

Then in each context you have to add standby ip to each interface. I havent found the option to add standby in ASDM, i always use CLI.

It is probably a bit more difficult when adding an asa to the production, then deploying a HA cluster from the start. If your interface address is the first one in the subnet, use the last one for standby to avoid confusion and keep the config uniform. Hopefully you have done good with your ip plan, and reserved first few addresses for infrastructure :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: