Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Integrating a secondary failover unit ASA 5510

Hello,

I have a single production 5510 with 2 contexts.  Now I want to integrate the secondary failover unit. My question is: How much configuration needs to be done on the secondary firewall?  How much of the configuration will be sync'd from the primary to the secondary when the secondary is connected?

For example, do I need to add the following on the secondary or will it be sync'd from the primary?

admin-context NAME

context NAME

  allocate-interface Ethernet0/0.14

  allocate-interface Ethernet0/0.200

  allocate-interface Ethernet0/1.23-Ethernet0/1.24

  allocate-interface Management0/0

  config-url disk0:/NAME.cfg

!           

context CONTEXT1

  allocate-interface Ethernet0/0.104

  allocate-interface Ethernet0/1.500

  config-url disk0:/CONTEXT1.cfg

Thanks

  • Firewalling
Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Integrating a secondary failover unit ASA 5510

Hi Greg,

Before I physically connect the standby firewall I should run the: "failover" command on the primary firewall, right?

You can introduce the secondary (standby) device in the network ; however enable the "failover" command on the primary firewall first.

The following line: "failover interface ip ASA-Failover 10.0.1.1 255.255.255.252 standby 10.0.1.2" is configured the same on both primary and secondary firewall, right?

Yes , absoultely correct

Hope this helps !

Regards

Ankur

3 REPLIES
New Member

Integrating a secondary failover unit ASA 5510

Hi Greg,

As a first step , ensure that the secondary unit is configured in multiple mode and all physical interfaces are unshut  following which you need to just configure the below commands in the system execution space and nothing else.

failover lan unit secondary

failover lan interface FO Ethernet3-> considering that this is the interface you are using for failover link

failover key *****

failover interface ip FO 10.1.1.1 255.255.255.0 standby 10.1.1.2

failover--> enter this command at last

Please go through the below link and navigate to "Secondary Unit Configuration" section under the heading LAN-Based Active/Active Failover Configuration

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml

After you enable failover, the active unit sends the configuration in running memory to the standby unit and the complete configuration of the primary (including the one which you have mentioned) gets replicated to secondary unit

Regards

Ankur

New Member

Integrating a secondary failover unit ASA 5510

Thanks Ankur,

Good information.  I have a few more questions. 

Before I physically connect the standby firewall I should run the: "failover" command on the primary firewall, right?

The following line: "failover interface ip ASA-Failover 10.0.1.1 255.255.255.252 standby 10.0.1.2" is configured the same on both primary and secondary firewall, right?

New Member

Re: Integrating a secondary failover unit ASA 5510

Hi Greg,

Before I physically connect the standby firewall I should run the: "failover" command on the primary firewall, right?

You can introduce the secondary (standby) device in the network ; however enable the "failover" command on the primary firewall first.

The following line: "failover interface ip ASA-Failover 10.0.1.1 255.255.255.252 standby 10.0.1.2" is configured the same on both primary and secondary firewall, right?

Yes , absoultely correct

Hope this helps !

Regards

Ankur

1483
Views
0
Helpful
3
Replies
This widget could not be displayed.