
ASA 5520 8.2 Failover

johnlloyd_13
Level 9

Hi,

We have two independent/separate ASA 5520 8.2 (multiple/context mode) that I need to do failover/HA while waiting for its HW upgrade. Both have the same 8.2 code and the only differences I see are their RAM and security context license.

I would just like to confirm if these two will form failover.

ASA-1:

Cisco Adaptive Security Appliance Software Version 8.2(5) <system>
Device Manager Version 7.6(1)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ASA-1 up 317 days 21 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Ext: GigabitEthernet0/0  : address is 0007.7dad.00b6, irq 9
 1: Ext: GigabitEthernet0/1  : address is 0007.7dad.00b7, irq 9
 2: Ext: GigabitEthernet0/2  : address is 0007.7dad.00b8, irq 9
 3: Ext: GigabitEthernet0/3  : address is 0007.7dad.00b9, irq 9
 4: Ext: Management0/0       : address is 0007.7dad.00b5, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 20
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5520 VPN Plus license.

---

 

ASA-2:

Cisco Adaptive Security Appliance Software Version 8.2(5) <system>
Device Manager Version 7.6(1)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ASA-2 up 317 days 21 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Ext: GigabitEthernet0/0  : address is 0023.3353.9da6, irq 9
 1: Ext: GigabitEthernet0/1  : address is 0023.3353.9da7, irq 9
 2: Ext: GigabitEthernet0/2  : address is 0023.3353.9da8, irq 9
 3: Ext: GigabitEthernet0/3  : address is 0023.3353.9da9, irq 9
 4: Ext: Management0/0       : address is 0023.3353.9da5, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 10
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5520 VPN Plus license.

2 Replies

For ASA failover to form, both ASA boxes must have the same RAM. In your case they won’t form the failover, as the RAM is different on the two boxes.

Here is the link.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf

Please do not forget to rate.

balaji.bandi
Hall of Fame

A couple of things you need to note:

You have old ASA code running, which is 8.2 (I suggest upgrading to the latest stable release to get the best performance).

If you decide to upgrade, use your other box to test your features before you build HA.

If you would still like to use the same code for some reason, here is the guide for 8.2:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ha_active_standby.pdf

Basic rule of building HA: make sure the HARDWARE / ASA CODE are exactly identical.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
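The comparison both replies describe can be scripted before any failover configuration is attempted. The following is an added example, not part of the thread and not Cisco tooling: it parses two `show version` captures and reports differences in model, software version and RAM (the items the replies say must be identical), plus any license-table differences for review. The function names and the trimmed sample text are assumptions constructed from the outputs quoted in the question.

```python
import re

# Constructed input: trimmed excerpts of the two "show version" outputs in the question.
ASA1 = """Cisco Adaptive Security Appliance Software Version 8.2(5) <system>
Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Licensed features for this platform:
Maximum VLANs                  : 150
Failover                       : Active/Active
Security Contexts              : 20
This platform has an ASA 5520 VPN Plus license.
"""
ASA2 = ASA1.replace("2048 MB", "512 MB").replace(": 20\n", ": 10\n")

def parse_show_version(text):
    """Extract model, RAM, software version and the license table."""
    facts = {"licenses": {}}
    in_licenses = False
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Cisco Adaptive Security Appliance Software Version (\S+)", line):
            facts["version"] = m.group(1)
        elif m := re.match(r"Hardware:\s+(\w+),\s+(\d+) MB RAM", line):
            facts["model"], facts["ram_mb"] = m.group(1), int(m.group(2))
        elif line.startswith("Licensed features"):
            in_licenses = True
        elif line.startswith("This platform has"):
            in_licenses = False
        elif in_licenses and ":" in line:
            key, _, value = line.partition(":")
            facts["licenses"][key.strip()] = value.strip()
    return facts

def failover_mismatches(a, b):
    """Return (must_match, licenses): differing fields, one string each."""
    must_match = [f"{k}: {a.get(k)} vs {b.get(k)}"
                  for k in ("model", "version", "ram_mb")
                  # A field that failed to parse counts as a mismatch, not a pass.
                  if a.get(k) is None or a.get(k) != b.get(k)]
    keys = sorted(set(a["licenses"]) | set(b["licenses"]))
    licenses = [f"{k}: {a['licenses'].get(k)} vs {b['licenses'].get(k)}"
                for k in keys if a["licenses"].get(k) != b["licenses"].get(k)]
    return must_match, licenses

if __name__ == "__main__":
    must_match, licenses = failover_mismatches(parse_show_version(ASA1),
                                               parse_show_version(ASA2))
    print("Must be identical:", must_match or "no differences")
    print("License differences to review:", licenses or "none")
```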
