COnfiguring active-active failover on Cicso ASA 5520

Dileep Sivadas Padmini · ‎08-31-2008

Hi everyone,

I have two Cisco ASA 5520 with active/active failover license and need to configure them as active/active pair.

Changed both firewalls to multiple context mode and configured primary firewall in admin context.

I would like to know one things

If I have only one context how can i configure the firewalls in Active/Active mode.

Dileep

joe19366 · ‎08-31-2008

Even if you technically are only using one context for your access-list rules, etc there will be the other contexts;

system - contains the allocate-interface commands, which assign fw interfaces or vlans to virtual firewalls

admin - used to administer the firewall or as the first context for access-list rules

context1 - contains server and workstation access-list entries, such as email, www, citrix, etc.

So when you say you are only using one context the others still exist.

-Joe

Dileep Sivadas Padmini · ‎09-01-2008

yes, Joe that's true.

But I have another isssue when I enabling the active/active failover on both firewall, the replication between them taking place and my dynamic NATing enteries working fine. But the static NAT entries failed. Could you please tell me what will be the problem and how to troubleshoot this .

Dileep

Marwan ALshawi · ‎09-01-2008

try to do

clear xlate

clear conn

or reload

some times this make problem i apllying the nating and nat polices if u have as well

by the way if u have one context u cant run active/active paractly

because active/active is run in a active/stnadby way but for multiple context u gonna make one active for this context and standby for other context and on the other firewall the same idea

if helpful Rate