Active/Active Transparent MultiContext - questions

khmeade · ‎01-27-2006

Hi there,

I have two ASA5400 and I'm trying to set them up in transparent mode / multiple context with active/active failover.

I was wondering if you had a) any advice on this - good or bad etc.. and b) when configured and I show failover within a context I see:

Failover On

Last Failover at: 15:26:51 UTC Jan 24 2006

This context: Active

Active time: 178137 (sec)

Interface outside (172.17.16.13): Normal (Waiting)

Interface inside (172.17.16.13): Normal (Waiting)

Peer context: Standby Ready

Active time: 78 (sec)

Interface outside (0.0.0.0): Unknown (Waiting)

Interface inside (0.0.0.0): Unknown (Waiting)

Is the status (waiting) a cause for concern in this configuration given that there is no IP address assigned to the inside or outside interfaces?

many thanks for responses.

Ken

varakantam · ‎01-29-2006

It's defnitely a concern I guess you forgot to configure a standby IP address for the administrative interface in tranparent mode.

The following example sets the management address and standby address of a transparent firewall:

hostname(config)# ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2

"If you do not enter a failover IP address, the show failover command displays 0.0.0.0 for the IP address, and monitoring of the interfaces remain in a "waiting" state. You must set a failover IP address for failover to work."

khmeade · ‎01-30-2006

Thanks, I had failover configured in the system area on it's own interface, neglected to configure the standby within each context.

Ken

varakantam · ‎01-30-2006

Could you please rate the post if the information was useful to you ?