05-14-2014 06:50 AM - edited 03-11-2019 09:12 PM
Good Morning,
I have an one ASA 5585 in multi context mode ( 18 context present). I would like to add an other ASA to do a cluster. I would to have an Actif/Passif cluster .
Do i have to change configuration on all contexts ?
If anybody can help me ...thanks in advance.
Solved! Go to Solution.
05-16-2014 04:14 PM
Yes.
You have to do it per interface in each context.
In the system context you allocate interfaces only.
Then in each context you have to add standby ip to each interface. I havent found the option to add standby in ASDM, i always use CLI.
It is probably a bit more difficult when adding an asa to the production, then deploying a HA cluster from the start. If your interface address is the first one in the subnet, use the last one for standby to avoid confusion and keep the config uniform. Hopefully you have done good with your ip plan, and reserved first few addresses for infrastructure :)
05-15-2014 06:30 AM
You need to add failover configuration in system on the present asa.
Then switch the new one to multi mode, and run the same failover conf in the system context.
Simple config :
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/5
failover key *****
failover link Failover GigabitEthernet0/5
failover interface ip Failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
The primary will replicate all configuration to secondary, and you are done.
05-15-2014 11:00 AM
Thanks Mirza,
Do i have to add "stanby" and find an IP for all interfaces (inside and outside , inlcude interfaces on each context ....) ? or only on the failover interface Gig 0/5
regards
05-16-2014 06:53 AM
Hi
As far as i know, you have to add a standby address for all physical and logical interfaces.
Active asa in the cluster always assumes the interface address, and the passive one assumes the standby one.
I am no ASA expert, but these are basics :)
05-16-2014 01:44 PM
Thanks.
Do i have to do under each context ?????
05-16-2014 04:14 PM
Yes.
You have to do it per interface in each context.
In the system context you allocate interfaces only.
Then in each context you have to add standby ip to each interface. I havent found the option to add standby in ASDM, i always use CLI.
It is probably a bit more difficult when adding an asa to the production, then deploying a HA cluster from the start. If your interface address is the first one in the subnet, use the last one for standby to avoid confusion and keep the config uniform. Hopefully you have done good with your ip plan, and reserved first few addresses for infrastructure :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide