https://community.cisco.com/t5/network-security/asa-failover/m-p/4571414#M1088315 <P>By default ASA is in secondary mode.</P> <P>for ASA-B to be active(primary) here is the config</P> <PRE>ASA-B failover lan unit primary interface gigabitEthernet 0/3 no shutdown ! failover lan interface LANFAIL gigabitethernet 0/3 failover interfaces ip LANFAIL x.x.x.x 255.255.255.0 standby x.x.x.y failover link LANFAIL exit</PRE> <P>&nbsp;</P> <P>once ASA-B is configured as Primary (Active) as soon as you configured the ASA-A as standby (Secondary) all the configuration from the ASA-B (which is primary active) will replicate to secondary ASA-A.</P> <PRE>ASA-A failover lan unit secondary interface gigabitEthernet 0/3 no shutdown ! failover lan interface LANFAIL gigabitethernet 0/3 failover interfaces ip LANFAIL x.x.x.x 255.255.255.0 standby x.x.x.y failover link LANFAIL exit</PRE> <P>&nbsp;</P> <P>few command to check if the ASA failover is working</P> <PRE>show failover | i host show failover detail </PRE> <P>&nbsp;</P> <P>once failover is working you can configure the active and standby ip interfaces on you data interfaces and also monitoring on the interface. If you have sub-interface on your firewall they need to be configured as monitoring as sub-interface by default are not in monitoring.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 16 Mar 2022 09:21:54 GMT Sheraz.Salim 2022-03-16T09:21:54Z https://community.cisco.com/t5/network-security/asa-failover/m-p/4571392#M1088303 <P>I have 2 asas. ASA-A and ASA-B. I want to configure ASA-B as an active unit and ASA-A as an standby unit. Could any one tell me how could i do that? IS there any election process will happen for selecting active/standby units between asa?</P> Wed, 16 Mar 2022 08:25:10 GMT https://community.cisco.com/t5/network-security/asa-failover/m-p/4571392#M1088303 tech_gubby 2022-03-16T08:25:10Z https://community.cisco.com/t5/network-security/asa-failover/m-p/4571394#M1088305 <P>The config guide has details on setting up HA.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/asdm77/general/asdm-77-general-config/ha-failover.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/asdm77/general/asdm-77-general-config/ha-failover.html</A></P> <P>The first one that is up will take the Active role and the second will be Standby. There's no election process per se other than checking if the unit is healthy. Assuming both units are healthy, whichever is active will stay that way until the admin changes it manually of the unit becomes unhealthy.</P> Wed, 16 Mar 2022 08:28:15 GMT https://community.cisco.com/t5/network-security/asa-failover/m-p/4571394#M1088305 Marvin Rhoads 2022-03-16T08:28:15Z https://community.cisco.com/t5/network-security/asa-failover/m-p/4571404#M1088311 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/344614">@tech_gubby</a></P><P>Below is active/standby guide&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/failover.html#wp1091288" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/failover.html#wp1091288</A></P><P>&nbsp;</P><P>For Active/Active</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/failover.html#wp1052847" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/failover.html#wp1052847</A></P><P>&nbsp;</P><P>other Document is below for Active/standby</P><P><A href="https://www.thegeekstuff.com/2011/09/cisco-asa-high-availability/" target="_blank">https://www.thegeekstuff.com/2011/09/cisco-asa-high-availability/</A></P><P>&nbsp;</P><P>Those documents will help you to understand step by step config.</P><P>&nbsp;</P><P>Thanks,</P><P>Jitendra</P> Wed, 16 Mar 2022 08:49:51 GMT https://community.cisco.com/t5/network-security/asa-failover/m-p/4571404#M1088311 Jitendra Kumar 2022-03-16T08:49:51Z https://community.cisco.com/t5/network-security/asa-failover/m-p/4571414#M1088315 <P>By default ASA is in secondary mode.</P> <P>for ASA-B to be active(primary) here is the config</P> <PRE>ASA-B failover lan unit primary interface gigabitEthernet 0/3 no shutdown ! failover lan interface LANFAIL gigabitethernet 0/3 failover interfaces ip LANFAIL x.x.x.x 255.255.255.0 standby x.x.x.y failover link LANFAIL exit</PRE> <P>&nbsp;</P> <P>once ASA-B is configured as Primary (Active) as soon as you configured the ASA-A as standby (Secondary) all the configuration from the ASA-B (which is primary active) will replicate to secondary ASA-A.</P> <PRE>ASA-A failover lan unit secondary interface gigabitEthernet 0/3 no shutdown ! failover lan interface LANFAIL gigabitethernet 0/3 failover interfaces ip LANFAIL x.x.x.x 255.255.255.0 standby x.x.x.y failover link LANFAIL exit</PRE> <P>&nbsp;</P> <P>few command to check if the ASA failover is working</P> <PRE>show failover | i host show failover detail </PRE> <P>&nbsp;</P> <P>once failover is working you can configure the active and standby ip interfaces on you data interfaces and also monitoring on the interface. If you have sub-interface on your firewall they need to be configured as monitoring as sub-interface by default are not in monitoring.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 16 Mar 2022 09:21:54 GMT https://community.cisco.com/t5/network-security/asa-failover/m-p/4571414#M1088315 Sheraz.Salim 2022-03-16T09:21:54Z