Cisco ASA 5520 Active/Standby Redundant Failover

davidjfclawson · ‎11-19-2010

Hi,

Reading through the documentation recommendations and I would like to configure the following setup http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/ha_overview.html#wp1095702 scenario 4, figure 58-6 but I can't find specifically details on how to configure the standby redundant failover connection.

Is the stateful failover interface being specified as a different interface to the LAN failover interface the same as a redundant failover line as detailed in figure 58-6?

Thanks,

David.

davidjfclawson · ‎11-19-2010

Ok,

I figured out how that we needed to configure a pair of redundant interfaces and then setup the failover using the redundant interface.

I have tested with both cross over cables for the connectivity between the interfaces and straight through cables with a switch. The configuration of both firewalls syncs up, the failover works if one of the interfaces on the primary fails, and both interfaces can ping each other from the redundant interface named failover.

Cheers,

David.

Panos Kampanakis · ‎11-19-2010

It is not required to use a redundant interface for failover.

You can use the failover and the state interface being the same physical interface, you can use seperate one, you can also use redundant interfaces. They will all work.

I hope it clarifies it. a little.

PK

Kureli Sankar · ‎11-19-2010

David,

What ASDM version are you using? This may be an issue with ASDM.

Gather the "sh fail" status from both untis and make sure the output is what you expect.

Primary shows - This unit active other unit standby ready

secondary shows - This unit standby ready other unit active

Or vice versa.

If this status shows all good, then the issue is mostly likely with the ASDM image you are running.

-KS