Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

setting up lan based failover via management port

Hi all, I have 2 cisco asa's, what are the minimum commands that I can set up lan based stateful failover between my 2 devices.

cheers

Carl

12 REPLIES

Re: setting up lan based failover via management port

hi Carl

have a look at the following link it is very useful for ur case

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#Reg

good luck

if helpful Rate

New Member

Re: setting up lan based failover via management port

hi there

I have seen a video on this topic, it says no setup is needed on the secondary unit except an ip and https access.

Can anyone add to this, I just need the minimum commands required to setup stateful failover via my management interface, and what commands I can see who is active, and how to do a manual failover ?

Re: setting up lan based failover via management port

Note that you must configure the failover key command on the secondary firewall so that it can receive

the configuration from the primary firewall .

failover

failover lan unit secondary

failover lan interface faillink [interface]

failover key [urkey]

failover interface ip faillink [ip] standby [ip]

use

show failover to see the failover status

if u wanna manully make the secondary firewall as the active one do the following command

failover active

good luck

please, if helpful Rate

New Member

Re: setting up lan based failover via management port

are you sure I need to enable all this on the secondary device?

do i need to type all that in on the secondary firewall? and what is the failover command on its own used for at the top of the below config

"failover

failover lan unit secondary

failover lan interface faillink [interface]

failover key [urkey]

failover interface ip faillink [ip] standby [ip]"

Re: setting up lan based failover via management port

only this thats it

ant other config like ACLs nating and so on will be transfered automaticly

New Member

Re: setting up lan based failover via management port

so do I make the ip address on the interface exactly the same as the primary box, then when I define as secondary is automatically uses the standby address? and how do I make it a stateful failover using the same interface ?

New Member

Re: setting up lan based failover via management port

Hi all, can anyone help with this?

Also do I have to have a secondary ip address for all interfaces? even if im using the management port for my dedicated link?

Thanks

Re: setting up lan based failover via management port

with the management, you will need to manage both devices seperately so yes you need to have a standby IP address for your management interface as well. you synch STBY IP's from the Active ASA. If you dont want to failover an interface, then no need for a STBY IP as long as Monitored is not setup on the interface.

New Member

Re: setting up lan based failover via management port

I dont understand what you are saying here? do you mean if I want to have all interfaces monitored, then put a standby ip on all of them? if I use a dedicated management interface for my failover, can I just have the standby ip address on that?

and when I configure my secondary box, do I put the config for the interfaces exactly the same as the primary one? i.e interface ip ad standby ip addresses exactly the same on each box?

Re: setting up lan based failover via management port

LAN-Based Active/Standby Failover Configuration is well documented in the following link including detailed step/step instruction. see http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbas

New Member

Re: setting up lan based failover via management port

Hi There

I have read the document, however, I have a question, do I need to add standby ip addresses for all my interfaces ? I want to me able to manage the secondary one from any interface using the secondary ip address.

please can you let me know

thanks for the help

Carl

New Member

Re: setting up lan based failover via management port

I suppose it is in router mode,

so YES you have to have a standby IP for each interface!

Regards,

vlad

272
Views
0
Helpful
12
Replies
CreatePlease to create content