topic ASA Firewall HA Configuration in Network Security https://community.cisco.com/t5/network-security/asa-firewall-ha-configuration/m-p/1700080#M417240 <P>Hi,</P><P></P><P>I try configure failover as per diagram, but it didn't work. Below is how i configure:</P><P></P><P><SPAN style="text-decoration: underline;">Primary:</SPAN></P><P></P><P>int g0/0</P><P> ip address 192.168.50.5 255.255.255.0 standby 192.168.50.6</P><P> security-level 0</P><P> nameif public</P><P> no shut</P><P>exit</P><P></P><P>int g0/1</P><P> ip address 172.16.0.5 255.255.0.0 standby 172.16.0.6</P><P> security-level 100</P><P> nameif inside</P><P> no shut</P><P>exit</P><P></P><P>interface Management0/0</P><P> nameif management</P><P> security-level 100</P><P> ip address 192.168.80.1 255.255.255.0</P><P> management-only</P><P> no shut</P><P>exit</P><P></P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover g0/3</P><P>failover key cisco</P><P>failover interface ip failover 192.168.100.1 255.255.255.0 standby 192.168.100.2</P><P></P><P><SPAN style="text-decoration: underline;">Secondary:</SPAN></P><P><BR />int g0/0<BR /> ip address 192.168.50.6 255.255.255.0<BR /> security-level 0<BR /> nameif public<BR /> no shut<BR />exit</P><P></P><P>int g0/1<BR /> ip address 172.16.0.6 255.255.0.0<BR /> security-level 100<BR /> nameif inside<BR /> no shut<BR />exit</P><P></P><P>interface Management0/0<BR /> nameif management<BR /> security-level 100<BR /> ip address 192.168.80.2 255.255.255.0 <BR /> management-only<BR /> no shut<BR />exit</P><P></P><P>failover<BR />failover lan unit secondary<BR />failover lan interface failover g0/3<BR />failover key cisco<BR />failover interface ip failover 192.168.100.1 255.255.255.0 standby 192.168.100.2</P><P></P><P></P><P>Is my configuration correct?</P> Fri, 21 Feb 2020 12:18:53 GMT VincentLong 2020-02-21T12:18:53Z ASA Firewall HA Configuration https://community.cisco.com/t5/network-security/asa-firewall-ha-configuration/m-p/1700080#M417240 <P>Hi,</P><P></P><P>I try configure failover as per diagram, but it didn't work. Below is how i configure:</P><P></P><P><SPAN style="text-decoration: underline;">Primary:</SPAN></P><P></P><P>int g0/0</P><P> ip address 192.168.50.5 255.255.255.0 standby 192.168.50.6</P><P> security-level 0</P><P> nameif public</P><P> no shut</P><P>exit</P><P></P><P>int g0/1</P><P> ip address 172.16.0.5 255.255.0.0 standby 172.16.0.6</P><P> security-level 100</P><P> nameif inside</P><P> no shut</P><P>exit</P><P></P><P>interface Management0/0</P><P> nameif management</P><P> security-level 100</P><P> ip address 192.168.80.1 255.255.255.0</P><P> management-only</P><P> no shut</P><P>exit</P><P></P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover g0/3</P><P>failover key cisco</P><P>failover interface ip failover 192.168.100.1 255.255.255.0 standby 192.168.100.2</P><P></P><P><SPAN style="text-decoration: underline;">Secondary:</SPAN></P><P><BR />int g0/0<BR /> ip address 192.168.50.6 255.255.255.0<BR /> security-level 0<BR /> nameif public<BR /> no shut<BR />exit</P><P></P><P>int g0/1<BR /> ip address 172.16.0.6 255.255.0.0<BR /> security-level 100<BR /> nameif inside<BR /> no shut<BR />exit</P><P></P><P>interface Management0/0<BR /> nameif management<BR /> security-level 100<BR /> ip address 192.168.80.2 255.255.255.0 <BR /> management-only<BR /> no shut<BR />exit</P><P></P><P>failover<BR />failover lan unit secondary<BR />failover lan interface failover g0/3<BR />failover key cisco<BR />failover interface ip failover 192.168.100.1 255.255.255.0 standby 192.168.100.2</P><P></P><P></P><P>Is my configuration correct?</P> Fri, 21 Feb 2020 12:18:53 GMT https://community.cisco.com/t5/network-security/asa-firewall-ha-configuration/m-p/1700080#M417240 VincentLong 2020-02-21T12:18:53Z Re: ASA Firewall HA Configuration https://community.cisco.com/t5/network-security/asa-firewall-ha-configuration/m-p/1700081#M417242 <HTML><HEAD></HEAD><BODY><P>Hi Vincent,</P><P></P><P>The failover configuration on the primary is fine. But on the Secondary unit you just need the following commands:</P><P></P><P>int g0/0</P><P>no shut</P><P></P><P>int g0/1</P><P>no shut</P><P><BR />failover lan unit secondary<BR />failover lan interface failover g0/3<BR />failover key cisco<BR />failover interface ip failover 192.168.100.1 255.255.255.0 standby 192.168.100.2</P><P></P><P>failover</P><P></P><P>You need not assign Ip addresses to the interfaces on the secondary ASA. Once the failover is on the config is pushed by the Active unit to the standby unit. So once the primary ASA becomes active it will push the standby IP addresses to the interfaces of the standby unit. Do note that is it recommended that the 'failover' command should be issued after entering all the failover configuration . You can check the status of the failover by ' show failover' command. Enabling the logs will also help you isolate the issue.</P><P></P><P>Hope this helps!</P><P></P><P>Regard,</P><P>Som</P><P></P><P>P.S.: Please mark the question resolved if it has been answered. Do rate helpful posts. Thanks</P></BODY></HTML> Mon, 11 Apr 2011 12:21:23 GMT https://community.cisco.com/t5/network-security/asa-firewall-ha-configuration/m-p/1700081#M417242 Somanna M.P 2011-04-11T12:21:23Z