Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA from active/standby to active/active

Hello,

I have a pair of ASA 5520s operating in failover pair as active/standby, having two contexts on them.

I am planning to share the load and make it active/active making first context active on the primary unit and second context active on the secondary unit.

My question is if this will disrupt any connectivity thru these firewalls when I do "no failover" on the active/standby and assign the contexts to different failover groups and enable the failover back.

Thanks!

6 REPLIES

Re: ASA from active/standby to active/active

Hi Bro

Yes, when migrating from ACTIVE/STANDBY setup to ACTIVE/ACTIVE multi-context setup, there will be network outage as the configuration of the Cisco ASA FW changes. If fact, the first step is to change the Cisco ASA FW to run in mode multiple. This itself require a reboot on both the Cisco ASA FW :-)

If you know what you’re doing, I would guess a 15min network outage is needed for this exercise.

P/S: If you think this comment is helpful, please do rate it nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Re: ASA from active/standby to active/active

Hi Ramraj,

the existing configuration which is active/standby is already multicontext "mode multiple" is already there.

So reboot is not required.

Re: ASA from active/standby to active/active

Hi Bro

Thanks for the update, but still you'll need to create 2 contexts, each context will be ACTIVE on different Cisco ASA FW units. Hence, there will be some cut, copy and paste effort, not forgetting recabling, if that's needed. Here's a Cisco document to configure ACTIVE/ACTIVE for those who can't seem to find this document http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req

Conclusion: There will be some network downtime. I'm guessing 15min, if it was me :-)

P/S: If you think this comment is helpful, please do rate it nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Re: ASA from active/standby to active/active

Thanks for the reply, but I don't need to create contexts, I have them already created on the active/standby pair.

I just need to create two failover groups and assign them accordingly.

My guess is that if there is no failover for the moment of this works, both contexts are supposed to be available on the primary unit until I get the failover back configured for active/active.

Re: ASA from active/standby to active/active

Hi Bro

I think it's either I've misunderstood you or you've misunderstood me with regards to this subject. In creating ACTIVE/ACTIVE Failover, you'll need to have at least 2 contexts e.g. USER CONTEXT and SERVERFARM CONTEXT. USER CONTEXT will be ACTIVE in Cisco ASA FW1 and SERVERFARM CONTEXT will be ACTIVE in Cisco ASA FW2. With this, then you create 2 FAILOVER groups PRIMARY and SECONDARY, and assigned them to the respective contexts.

In a ACTIVE/STANDBY Failover, you only have is a single context. Would you like to paste your latest show running-config here so that I could explain this further to you?

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

ASA from active/standby to active/active

Hi Ramraj,

I don't need explanation thanks. I know what I am doing and I will consider what you mentioned here as well.

390
Views
0
Helpful
6
Replies
CreatePlease to create content