
setting up lan based failover via management port

carl_townshend

Hi all, I have 2 Cisco ASAs. What are the minimum commands I need to set up LAN-based stateful failover between my 2 devices?

cheers

Carl


Marwan ALshawi

Hi Carl

Have a look at the following link; it is very useful for your case

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#Reg

good luck

if helpful Rate

Hi there

I have seen a video on this topic; it says no setup is needed on the secondary unit except an IP and HTTPS access.

Can anyone add to this? I just need the minimum commands required to set up stateful failover via my management interface, what commands I can use to see who is active, and how to do a manual failover.

Note that you must configure the failover key command on the secondary firewall so that it can receive the configuration from the primary firewall.

failover

failover lan unit secondary

failover lan interface faillink [interface]

failover key [urkey]

failover interface ip faillink [ip] standby [ip]

use

show failover to see the failover status

If you want to manually make the secondary firewall the active one, use the following command:

failover active

good luck

please, if helpful Rate
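As an added example that is not part of the original posts, here is the minimal pair of configurations this reply describes, extended with the `failover link` line that makes the failover stateful over the same interface. It assumes Management0/0 is cabled between the two units and carries no `nameif` or IP of its own; every interface name, address and key is a constructed placeholder. Without `failover key`, everything sent over the failover link, including the replicated configuration, travels in clear text.

```cisco
! Added illustration; all names, addresses and keys are constructed placeholders.

! ----- PRIMARY unit -----
interface Management0/0
 no shutdown
!
! Each monitored data interface carries an active and a standby address
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
!
failover lan unit primary
failover lan interface faillink Management0/0
! Reusing the same interface as the state link makes the failover stateful
failover link faillink Management0/0
! The subnet mask is part of the command syntax
failover interface ip faillink 192.0.2.1 255.255.255.252 standby 192.0.2.2
! Shared key authenticates and encrypts failover traffic; must match on both units
failover key SHARED-SECRET-PLACEHOLDER
failover

! ----- SECONDARY unit (bootstrap only; the rest replicates from the primary) -----
interface Management0/0
 no shutdown
!
failover lan unit secondary
failover lan interface faillink Management0/0
! Same active/standby pair as on the primary; the unit role selects which one is used
failover interface ip faillink 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover key SHARED-SECRET-PLACEHOLDER
failover

! ----- Verification (exec mode) -----
! show failover       state of both units and of each monitored interface
! failover active     run on the standby unit to make it the active one
```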

Are you sure I need to enable all this on the secondary device?

Do I need to type all that in on the secondary firewall? And what is the failover command on its own used for at the top of the below config?

"failover

failover lan unit secondary

failover lan interface faillink [interface]

failover key [urkey]

failover interface ip faillink [ip] standby [ip]"

Only this, that's it.

Any other config like ACLs, NATing and so on will be transferred automatically.

So do I make the IP address on the interface exactly the same as the primary box, then when I define it as secondary it automatically uses the standby address? And how do I make it a stateful failover using the same interface?

Hi all, can anyone help with this?

Also, do I have to have a secondary IP address for all interfaces, even if I'm using the management port for my dedicated link?

Thanks

With the management, you will need to manage both devices separately, so yes, you need to have a standby IP address for your management interface as well. You sync STBY IPs from the Active ASA. If you don't want to fail over an interface, then no need for a STBY IP as long as Monitored is not set up on the interface.

I don't understand what you are saying here. Do you mean if I want to have all interfaces monitored, then put a standby IP on all of them? If I use a dedicated management interface for my failover, can I just have the standby IP address on that?

And when I configure my secondary box, do I put the config for the interfaces exactly the same as the primary one? i.e. interface IP and standby IP addresses exactly the same on each box?

LAN-Based Active/Standby Failover Configuration is well documented in the following link, including detailed step-by-step instructions. See http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbas

Hi There

I have read the document; however, I have a question: do I need to add standby IP addresses for all my interfaces? I want to be able to manage the secondary one from any interface using the secondary IP address.

Please can you let me know

thanks for the help

Carl

I suppose it is in router mode,

so YES you have to have a standby IP for each interface!

Regards,

vlad
