I have a single production 5510 with 2 contexts. Now I want to integrate the secondary failover unit. My question is: How much configuration needs to be done on the secondary firewall? How much of the configuration will be sync'd from the primary to the secondary when the secondary is connected?
For example, do I need to add the following on the secondary or will it be sync'd from the primary?
As a first step , ensure that the secondary unit is configured in multiple mode and all physical interfaces are unshut following which you need to just configure the below commands in the system execution space and nothing else.
failover lan unit secondary
failover lan interface FO Ethernet3-> considering that this is the interface you are using for failover link
failover key *****
failover interface ip FO 10.1.1.1 255.255.255.0 standby 10.1.1.2
failover--> enter this command at last
Please go through the below link and navigate to "Secondary Unit Configuration" section under the heading LAN-Based Active/Active Failover Configuration
After you enable failover, the active unit sends the configuration in running memory to the standby unit and the complete configuration of the primary (including the one which you have mentioned) gets replicated to secondary unit
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...