Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
1
Replies

5510 to 5505 failover (active/active)

Rob Royse
Level 1
Level 1

‎02-12-2014 01:12 PM - edited ‎03-11-2019 08:44 PM

Hello,

We have both a 5510 and a 5505, and they are both running the security plus licenses. At this time, the 5510 is connected to our primary (and much faster) ISP connection. We also have a DSL connection available that I could connect to the 5505. A different ISP supplies each device (Charter and AT&T, respectively). Each are assigned a single, public IP address via DHCP from the respective ISP.

Is it possible to configure the 5505 to accept the connection and become primary in the event that the 5510 goes offline (either due to outage or failure)?

If so, what are the steps I would take to configure this? Examples of commands to issue would be very helpful.

Many Thanks in Advance!

-Rob

Labels:
0 Helpful
1 Reply 1

jpeterson6
Level 2
Level 2

‎02-12-2014 02:04 PM

You cannot configure a direct Failover/HA setup with two different ASA models.

For a solution to your problem, I'd suggest using IP SLA on a router or L3 switch that both ASAs plug into - that way if one link/ASA goes down, the default route will change to the other ASA.

EDIT: By the way, the failover setup you describe is Active/Standby. Active/Active refers to two separate ASAs running multi-context, with one ASA being active for "context1" and the other ASA being active for "context2". ASA 5505's do not support multi-context.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card