Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA failover issue

Dear concern,

We have two ASA 5520 and configured lan base fail over.

But failover not working as per expectation.

Please find attachment of show tech of both ASA.

Regards

Imran

4 REPLIES
Community Member

Re: ASA failover issue

Hi,

u need to sub-interface the failover interface and connect with a cross cable, and finish of the configuration as per the attachment

Thanks

AP

Community Member

Re: ASA failover issue

Hi, from what I see the firewall failover is well configured, you have not configured the stateful failover feature, which allows for all connections, IPsec sessions, etc to be synced with he secondary unit. The command should do the job for you:

failover link sync GigabitEthernet0/1

Community Member

Re: ASA failover issue

Hi marc-andre,

Can I have two ASA's connected via a single ethernet cable (ASA-1 G0/3 and ASA-2 G0/3)?

Can I use IP address for those interface that are not in my routing table (1.1.1.1 & 1.1.1.2)?

What are the most basic commands needed?

thanks

Community Member

Re: ASA failover issue

Yes you can.

I have connected them directly with a straight cable and the configuration is as follows:

Firewall1# sh runn failover

failover

failover lan unit primary

failover lan interface stateful Management0/0

failover polltime unit msec 200 holdtime msec 800

failover polltime interface msec 500 holdtime 5

failover link stateful Management0/0

failover interface ip stateful 192.168.254.1 255.255.255.252 standby 192.168.254.2

-----------------------------------------------------------------------------------

Firewall2# sh runn failover

failover

failover lan unit secondary

failover lan interface stateful Management0/0

failover polltime unit msec 200 holdtime msec 800

failover polltime interface msec 500 holdtime 5

failover link stateful Management0/0

failover interface ip stateful 192.168.254.1 255.255.255.252 standby 192.168.254.2

This configuration is working for me.

266
Views
4
Helpful
4
Replies
CreatePlease to create content