Cisco Support Community
Community Member

ASA in transparent mode with LAN based Active/Standby Failover?

Is it possible to have a pair of ASAs in transparent mode with LAN based Active/Standby Failover? I configured the failover portion, then configured transparent mode and it erased my failover configuration. Is this configuration supported, and if so is there an example?

Thanks in advance

1 ACCEPTED SOLUTION

Community Member

Re: ASA in transparent mode with LAN based Active/Standby Failov

Yes. It is possible to have a pair of ASAs in transparent mode with LAN based Active/Standby failover. You should do the failover configuration after converting the appliance into transparent mode.

I haven't seen any example on the Cisco site, but I will give you an example from one of the projects which I executed. In fact, it's very easy to configure failover in transparent mode. Less work.

I have listed the configs on both firewalls for your reference.

Primary Firewall
============

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 no shut
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 no shut
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
!
interface GigabitEthernet0/3
 description LAN Failover Interface
!
ip address 192.168.9.2 255.255.255.0 standby 192.168.9.7
failover
failover lan unit primary
failover lan interface FAILINT GigabitEthernet0/3
failover key abcdef
failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7

On Secondary Firewall
=================

failover
failover lan unit secondary
failover lan interface FAILINT GigabitEthernet0/3
failover key abcdef
failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7
int GigabitEthernet0/3
 no shut

Hope the above helps.
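
The two failover stanzas above have to agree on the link interface, key and addressing while differing only in unit role. A small offline check of that, as an added example (not part of the original post and not Cisco tooling); the sample configs are constructed from the post, and `MIN_KEY_LEN` is an assumed local policy value:

```python
import ipaddress

# Constructed sample input: the failover stanza from the post above.
PRIMARY = """\
failover
failover lan unit primary
failover lan interface FAILINT GigabitEthernet0/3
failover key abcdef
failover interface ip FAILINT 172.16.9.1 255.255.255.0 standby 172.16.9.7
"""
SECONDARY = PRIMARY.replace("unit primary", "unit secondary")

MIN_KEY_LEN = 16  # assumption: local policy value, not a Cisco requirement
SHARED = ("lan interface", "interface ip", "key")  # must match on both units

def failover_settings(config):
    """Collect the 'failover ...' directives of one unit into a dict."""
    found = {}
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "failover":
            found["enabled"] = True
        for kw in ("lan unit",) + SHARED:
            if line.startswith(f"failover {kw} "):
                found[kw] = line[len(f"failover {kw} "):].strip()
    return found

def audit_pair(primary_cfg, secondary_cfg):
    """Return findings for a pair of units; key values are never echoed."""
    units = {"primary": failover_settings(primary_cfg),
             "secondary": failover_settings(secondary_cfg)}
    findings = []
    for role, cfg in units.items():
        if not cfg.get("enabled"):
            findings.append(f"{role}: failover not enabled")
        if cfg.get("lan unit") != role:
            findings.append(f"{role}: missing 'failover lan unit {role}'")
        if len(cfg.get("key", "")) < MIN_KEY_LEN:
            findings.append(f"{role}: failover key shorter than {MIN_KEY_LEN}")
        parts = cfg.get("interface ip", "").split()
        if len(parts) == 5 and parts[3] == "standby":
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            if parts[4] == parts[1] or ipaddress.ip_address(parts[4]) not in net:
                findings.append(f"{role}: standby IP must differ, same subnet")
        else:
            findings.append(f"{role}: failover interface ip incomplete")
    for kw in SHARED:
        if units["primary"].get(kw) != units["secondary"].get(kw):
            findings.append(f"units disagree on 'failover {kw}'")
    return findings
```

Run against the post's own values, `audit_pair(PRIMARY, SECONDARY)` reports the six-character `failover key` on both units and nothing else.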

5 REPLIES
Community Member

Re: ASA in transparent mode with LAN based Active/Standby Failov

That did the trick! Thanks, it worked perfectly.

Community Member

Re: ASA in transparent mode with LAN based Active/Standby Failov

I am a little confused about transparent mode with failover. To explain my confusion, let's take the scenario of routed mode where you want to configure an inside router to an internet router and the PIX failover bundle is in the middle. In this instance, you would configure two VLAN networks on a switch and connect the (2) PIX inside interfaces and the inside router to VLAN1 and would connect the (2) PIX outside interfaces and the outside router to VLAN2.

How would you accomplish the above if you are doing transparent mode?

Thank you

Community Member

Re: ASA in transparent mode with LAN based Active/Standby Failov

Quick question.

I configured failover with transparent mode and it seems to work fine when the active box goes down.

But have you tried this with a 'monitor-interface' scenario, where usually if one of the interfaces on the active PIX (or ASA) goes down, the standby PIX becomes active?

I know that a monitor-interface scenario is somewhat L3 based, so a PIX routed mode comes in handy. But I've been trying to get this to work and the active PIX just won't fail over.

Regards,

c.

Community Member

Re: ASA in transparent mode with LAN based Active/Standby Failov

Hello, I did almost the same configuration, but I have one problem: when I try to use the ASDM by web or software, it always requests the password and never works.

Did you have any problem with the console administration in this mode (transparent)?
