Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure a LAN-based failover on a PIX/ASA Firewall

What is Failover?

Failover is automatic switching to a redundant or standby computer server, system, hardware component or network device upon the failure or abnormal termination of the previously active application server, system, hardware component, or network component. Failover and switchover are essentially the same operation, except that failover is automatic and usually operates without warning, while switchover requires human intervention.

Two Types of failover:

1.)Active/Active failover: Both units can pass network traffic. This lets you configure load balancing on your network.

2.)Active/Standby failover : In this scenario only one unit passes traffic while the other unit waits in a standby state.Active/Standby failover is available on units running in either single or multiple context mode.



1.) Must be in operating mode

     a.) Routed or Transparent.

     b.) Single or Multiple Context


1.) The two units in a failover configuration must have the same

      a.)hardware configuration:

      b.) same model

      c.) same number and types of interfaces

      d.) same amount of RAM


1.) PIX 500:

     a.) One of the unit should be having UR (Unrestrcited License). The other unit can have FO (Failover) license or FO_AA (Failover Active/Active) License.

          Note: Boxes with FO or FO_AA, Restricted licenses can not be used for failover.

2.) ASA:

    User need to understand the requirement and can go for the the license according to his need. (Security Plus Bundle)

More information can be seen on below mentioned link:

LAN BASED Failover

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:46 PM
Updated by:
Labels (1)