Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
685
Views
0
Helpful
7
Replies

Configuring Active/Standby Failover on an ASA 5520

browningm
Level 1
Level 1

‎02-14-2007 11:52 AM - edited ‎03-11-2019 02:33 AM

When setting up the Stateful failover link, are there any issues if you use the management interface or should you only use an ethernet interface?

Labels:
0 Helpful
7 Replies 7

vitripat
Level 7
Level 7

‎02-14-2007 12:00 PM

You can use the management interface for stateful failover. However, if you are using gigabit data interfaces, its recommended that stateful link also be a gigabit interface.

0 Helpful

browningm
Level 1
Level 1
In response to vitripat

‎02-14-2007 12:30 PM

Ok thanks.

Then next question will be that I'm having some issues trying to enable the failover. I have gone through the configurations and made sure have that everything is correct. I've checked to make sure that they are both on same version, mode.

After I enter command for failover, nothing happens...are there any suggestions that could give that I might be overlooking?

0 Helpful

vitripat
Level 7
Level 7
In response to browningm

‎02-14-2007 12:34 PM

You need to enter failover command on both Primary and Secondary box to get failover working. Please refer to flollowing link also to make sure that configuration has been done as defined here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/general/failover.htm#wp1058096

0 Helpful

browningm
Level 1
Level 1
In response to vitripat

‎02-15-2007 07:58 AM

Sorry should have been more clear on that part. I have done the failover command on the primary first and the secondary afterward with no luck.

Also just saw this and not sure if might be an issue but when do sh ver on both, the primary hardware is ASA5520 and secondary is ASA5520-k8. Will this be an issue?

0 Helpful

vitripat
Level 7
Level 7
In response to browningm

‎02-15-2007 10:09 AM

What version are you running? Were you trying to configure failover from ASDM wizard? If yes, it wont recognize them as same hardware due to a bug, you need to configure failover from CLI. If you did configure it from CLI, there shouldnt be any issue. Can you provide the configuration from the Primary firewall?

0 Helpful

browningm
Level 1
Level 1
In response to vitripat

‎02-15-2007 12:08 PM

I believe I just found what might be causing the issue. The primary ASA has different WebVPN license than the secondary ASA.

0 Helpful

vitripat
Level 7
Level 7
In response to browningm

‎02-15-2007 01:35 PM

ok .. if that is the case, failover will not work as it needs same license on both devices.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card