Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1009
Views
0
Helpful
5
Replies

ASA in transparent mode with LAN based Active/Standby Failover?

Go to solution
paulhignutt
Level 1
Level 1

‎01-16-2006 05:23 PM - edited ‎02-21-2020 12:38 AM

Is it possible to have a pair of ASA's in transparent mode with LAN based Active/Standby Failover? I configured the failover portion, then configured transparent mode and it erased my failover configuration. Is this configuration supported, and if so is there an example?

Thanks in advance

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
prasadrp
Level 1
Level 1

‎01-17-2006 05:02 AM

Yes. It is possible to have a pair of ASA in transparent mode with LAN based Active/Standy failover. You should do the failover configuration after converting the appliance into transparent mode.

I haven't seen any example on cisco site, but I will give you example from one of the project which I executed. Infact its very easy to configure failover in transparent mode. Less work.

I have listed the configs on both the firewall for your reference

Primary Firewall

============

interface GigabitEthernet0/0

nameif outside

security-level 0

no shut

!

interface GigabitEthernet0/1

nameif inside

security-level 100

no shut

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

!

interface GigabitEthernet0/3

description LAN Failover Interface

!

ip address 192.168.9.2 255.255.255.0 standby 192.168.9.7

failover

failover lan unit primary

failover lan interface FAILINT GigabitEthernet0/3

failover key abcdef

failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7

On Secondary Firewall

=================

failover

failover lan unit secondary

failover lan interface FAILINT GigabitEthernet0/3

failover key abcdef

failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7

int GigabitEthernet0/3

no shut

Hope the above helps.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
prasadrp
Level 1
Level 1

‎01-17-2006 05:02 AM

Yes. It is possible to have a pair of ASA in transparent mode with LAN based Active/Standy failover. You should do the failover configuration after converting the appliance into transparent mode.

I haven't seen any example on cisco site, but I will give you example from one of the project which I executed. Infact its very easy to configure failover in transparent mode. Less work.

I have listed the configs on both the firewall for your reference

Primary Firewall

============

interface GigabitEthernet0/0

nameif outside

security-level 0

no shut

!

interface GigabitEthernet0/1

nameif inside

security-level 100

no shut

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

!

interface GigabitEthernet0/3

description LAN Failover Interface

!

ip address 192.168.9.2 255.255.255.0 standby 192.168.9.7

failover

failover lan unit primary

failover lan interface FAILINT GigabitEthernet0/3

failover key abcdef

failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7

On Secondary Firewall

=================

failover

failover lan unit secondary

failover lan interface FAILINT GigabitEthernet0/3

failover key abcdef

failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7

int GigabitEthernet0/3

no shut

Hope the above helps.

0 Helpful

Go to solution
paulhignutt
Level 1
Level 1
In response to prasadrp

‎01-17-2006 09:17 AM

That did the trick! Thanks, it worked perfectly.

0 Helpful

Go to solution
ciscors
Level 1
Level 1
In response to paulhignutt

‎03-25-2006 08:53 AM

I am a little confused about transparent mode with failover. To explain my confusion, let's take the scenario of routed mode where you want to configure an inside router to an internet router and the PIX failover bundle is in the middle. In this instance, you would configure two VLAN networks on a switch and connect the (2) PIX inside interfaces and the inside router to VLAN1 and would connect the (2) PIX outside interfaces and the outside router to VLAN2

How would you accomplish the above if you are doing transparent mode?

Thank you

0 Helpful

Go to solution
Carlos A. Silva
Level 3
Level 3
In response to prasadrp

‎05-31-2006 04:23 PM

quick question.

i configured failover with transparent mode and it seems to work fine when the active box goes down.

but have you tried this with a 'monitor-interface' scenario, where usually if one of the interfaces on the active pix (or asa) goes down, the standby pix becomes active?

i know that a monitor-interface scenario is somewhat L3 based, so a pix routed mode comes in handy. but i've been trying to get this to work and the active pix, just won't failover.

regards,

c.

0 Helpful

Go to solution
dsegura
Level 1
Level 1
In response to prasadrp

‎09-19-2006 07:09 AM

Hello, i did almost the same configuration but i have one problem when i tried use the ASDM by web or soft, always request the password, never work.

Did you had any problem with the console administration in this mode(transparent)?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card