cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1261
Views
0
Helpful
20
Replies

Failover using Cisco ASA 5500- need help please...

m-abooali
Level 4
Level 4

Hi,

we have purchased these two Cisco ASA 5500 series ASA for a customer who has requested active/standby failover. I have gone through these Cisco documentation explaning the failover configuration and the fact that there are twp methods, statfull and regular.

I am confused about the "Serial Cable" and Also the LAN based failover since there is a switch between the two ASAs for LAN based failover.

these ASA has 4 ethernet ports, 0 through 3 a total of 4. I assume just like PIXs, ethernet 0 is inside interface and ethernet 1 is outside but I am not sure how to use the other two ports(interfaces) for faulover?

what is the serial cable for this type of failover ? and what is the port on teh appliance for this to hapen? I have not seen serlial ports in the back of these appliances?

can someone please help me uderstand this and wht i need t make this happen using the two ASA appliances that the have purchased?

I don't even kno wif thry are the right ones for this job but I know they got the unrestricted license to support failover?

how do I use these 4 ethernet Interfaces?

there are aslo console and managemnet Interfaces as well plus some USB ports, 2 of them.

Please advise.

Regards,

Masood

20 Replies 20

Hi,

I have some notes:

- You can use the same interface for lan failover and stateful failover.

- To get the configuration replicated to the secondary ASA, you need to configure failover configuration on the secondary ASA.

My suggession for your configuration are:

for the primary ASA:

failover

failover lan unit primary

failover lan interface Failover Ethernet0/3

failover link Failover Ethernet0/3

failover replication http

failover interface ip Failover 10.10.1.1 255.255.255.0 standby 10.10.1.2

For the secondary ASA:

failover

failover lan unit secondary

failover lan interface Failover Ethernet0/3

failover link Failover Ethernet0/3

failover interface ip Failover 10.10.1.1 255.255.255.0 standby 10.10.1.2

you dont need to configurer interfaces on secondary, just add the standby option to ip address in the primary, i.e:

ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2

with regards

Hi,

I followed Cisco training on this and configured the inisde and outside interfaces on the primary and secondary and then, on thr Primary, I configured the Lan failover and State failover using two Interfaces ethernet03 and ethernet 02. based on Cisco, the configuration mustget replicated on the secondary from the primary ASA.

here is my configuration on the primary but i still need to connect the devices to the netrwork and see how it behaves.

I am going to do this in the next hour or so, here is my configuration:

iscoasa# sh failover int

interface paclotus-Failover Ethernet0/3

System IP Address: 10.10.1.1 255.255.255.0

My IP Address : 10.10.1.1

Other IP Address : 10.10.1.2

interface StatFailover Ethernet0/2

System IP Address: 10.10.3.1 255.255.255.0

My IP Address : 10.10.3.1

Other IP Address : 10.10.3.2 ciscoasa#

Please let me kno wif yoy think this is alright.

Regards,

Masood

HI All,

1.What is the status now ?

2.Can we use fiber cable(sfb)in between ASA5520 to Switch 6509

3.SSM-4GE. ASA 5500 4-Port Gigabit Ethernet SSM (RJ-45+SFP).

IS it used for CAT 5 CABLE or fiber cable

the Status?

well, I used cables between ethernet 2 and ethernet3 for failover and the configutation seems to be working, listening and no errors but I have not tested the actula failing over just yet, may be tonight.

about you second question, why switching betn ASA nd 6506 switch?

Thx,

Masood

IN Active Standby Method,MY nework is having Two 6509 switch and Two Asa .

so, you are usig one of the switches for failover used by the two ASAs?

LAN Base Failove/State failover,usually the failover connect to two vlans, one for LAN and one for state. I have done that ASA to ASA consuming all the ports on the two ASA just becaus they didn't want to buy a switch!

Regards,

Masood

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: