Standby Unit Configuration: enable LAN Failover asa(config)failover lan enable Define the failover interface asa(config)failover lan interface failover Ge02.1 assign IP address to failover interface asa(config)failover interface ip failover 192.168.3.1 255.255.255.0 standby 192.168.3.2 set this unit as secondary asa(config)failover lan unit secondary Enable failover.
![]() ASA(config) During activestandby failover, the active ASA receives all traffic flows and filters all network traffic while the secondary ASA is in the Ready mode. Therefore you should dimension each ASA device in such a way so that to be able to handle all traffic. ASA failover works in 2 modes: Stateful Failover and Regular Failover. During regular Failover, when Failover occurs, all active connections will be dropped. During Stateful Failover however, the active unit continually passes per-connection state to standby unit. When failover occurs, both ASA devices will have knowledge about all connections. ![]() If any of these requirements is not satisfied, then they cannot work in failover mode. Lets consider an example of activestandby Failover configuration (see diagram below). The Outside interfaces on ASAs are Ge00 and LAN interfaces are Ge01. For Failover we will use Ge02, particularly Ge02.1 will be the Failover interface and Ge02.2 the state interface (by which the information about protocol States will be exchanged). Note that you dont have to use two different connections for Failover and State. MORE READING: How to Configure EIGRP on a Cisco ASA Firewall (Example Commands) Table Of Contents ASA Failover Configuration Example Verification and Troubleshooting Commands: Cisco ASA Redundant Interface Configuration ASA Failover Configuration Example Active Unit Configuration: Note: Always start with the active ASA first. During Failover the primary IP address will be assigned to Standby Unit. In this documentation, the failover (interface name for GigabitEthernet02.1) is used as a failover interface. Define stateful Failover interface asa(config)failover link state Ge02.2 Assign IP addresses to Stateful Failover interfaces asa(config)failover interface ip state 192.168.4.1 255.255.255.0 standby 192.168.4.2 enable Failover asa(config)failover Note: Issue the failover command on the primary device first, and then issue it on the secondary device. After you issue the failover command on the secondary device, the secondary device immediately pulls the configuration from the primary device and sets itself as standby. The primary ASA stays up and passes traffic normally and marks itself as the active device. From that point on, whenever a failure occurs on the active device, the standby device comes up as active.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |