08-11-2008 03:28 PM - edited 03-11-2019 06:29 AM
Hi,
I am having trouble getting the config right for failover on a pair of ASA 5505 with a plus license. I have a Cisco Press book but I think the examples are for 5510 and up. I could not find what I needed on the web site either.
Can someone provide a 5505 config example or point me at a good doc that really deals with the 5505?
Thanks,
Michael Hurley
08-11-2008 05:04 PM
First, the ASA 5505 series adaptive security appliance does not support Stateful Failover or Active/Active failover, so go to the Active/Standby section directly.
This link will give all the details and config required:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1058096
Good luck.
Please rate if helpful.
08-11-2008 05:19 PM
Here is a config that worked for me. You can change the VLAN number to something else, and I don't think you need to 'no shut' it, but I do anyway. Just change the ***** to your own key and make sure the subnet doesn't overlap with something you are already using, and it should work.
!!! Primary unit
failover
failover lan unit primary
failover lan interface fo-int Vlan20
failover key *****
failover interface ip fo-int 172.31.254.1 255.255.255.0 standby 172.31.254.2
int vlan20
no shut
!!! Secondary unit
failover
failover lan unit secondary
failover lan interface fo-int Vlan20
failover key *****
failover interface ip fo-int 172.31.254.1 255.255.255.0 standby 172.31.254.2
int vlan20
no shut
08-12-2008 02:16 PM
Anthony,
Thanks, your suggestion worked for me, but when I do a sh fail I get Unknown (Waiting) status as indicated in the output below. The 2 units seem to be communicating OK and changes made on the primary are copied to the secondary.
I found a Cisco doc that suggested I apply portfast on the switch ports the ASAs are connected to, but that did not change anything.
Any ideas?
Thanks,
Michael
FROM SECONDARY
test1# sh fail
Failover On
Failover unit Secondary
Failover LAN Interface: fail_int Vlan15 (up)
Unit Poll frequency 10 seconds, holdtime 30 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 7.2(3), Mate 7.2(3)
Last Failover at: 10:28:10 UTC Aug 12 2008
This host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5505 hw/sw rev (1.0/7.2(3)) status (Up Sys)
Interface outside (172.30.148.30): Normal (Waiting)
Interface inside (10.0.135.41): Normal (Waiting)
slot 1: empty
Other host: Primary - Active
Active time: 14387 (sec)
slot 0: ASA5505 hw/sw rev (1.0/7.2(3)) status (Up Sys)
Interface outside (172.30.148.29): Unknown (Waiting)
Interface inside (10.0.135.40): Unknown (Waiting)
slot 1: empty
test1#
FROM PRIMARY
test1# sh fail
Failover On
Failover unit Primary
Failover LAN Interface: fail_int Vlan15 (up)
Unit Poll frequency 10 seconds, holdtime 30 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 7.2(3), Mate 7.2(3)
Last Failover at: 10:56:38 UTC Aug 12 2008
This host: Primary - Active
Active time: 14687 (sec)
slot 0: ASA5505 hw/sw rev (1.0/7.2(3)) status (Up Sys)
Interface outside (172.30.148.29): Normal (Waiting)
Interface inside (10.0.135.40): Normal (Waiting)
slot 1: empty
Other host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5505 hw/sw rev (1.0/7.2(3)) status (Up Sys)
Interface outside (172.30.148.30): Normal (Waiting)
Interface inside (10.0.135.41): Normal (Waiting)
slot 1: empty
test1#
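An added example, not part of any post in this thread: a small Python parser for "show failover" output laid out like the two listings above, which reports every monitored interface that a unit shows as anything other than plain Normal. The sample text is constructed with placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the "show failover" listings above (placeholder IPs).
SAMPLE = """\
Interface Poll frequency 5 seconds, holdtime 25 seconds
This host: Secondary - Standby Ready
slot 0: ASA5505 hw/sw rev (1.0/7.2(3)) status (Up Sys)
Interface outside (192.0.2.30): Normal (Waiting)
Interface inside (198.51.100.41): Normal
Other host: Primary - Active
slot 0: ASA5505 hw/sw rev (1.0/7.2(3)) status (Up Sys)
Interface outside (192.0.2.29): Unknown (Waiting)
Interface inside (198.51.100.40): Normal
"""

HOST_RE = re.compile(r"^(This host|Other host):\s*(\S+)\s+-\s+(.+?)\s*$")
IFACE_RE = re.compile(r"^Interface (\S+) \(([^)]*)\):\s*([^()]+?)(?:\s*\(([^)]+)\))?\s*$")


def parse_failover(text):
    """Return {"This host": {...}, "Other host": {...}} with per-interface states."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate indented output as well as a flattened paste
        m = HOST_RE.match(line)
        if m:
            current = {"unit": m.group(2), "role": m.group(3), "interfaces": []}
            hosts[m.group(1)] = current
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:  # skips "Interface Poll ..." and pre-header lines
            current["interfaces"].append(
                {"name": m.group(1), "ip": m.group(2),
                 "state": m.group(3), "qualifier": m.group(4)})
    return hosts


def unsettled(hosts):
    """List (host, unit, interface, status) for anything not reported as plain Normal."""
    out = []
    for host, info in hosts.items():
        for i in info["interfaces"]:
            if i["state"] != "Normal" or i["qualifier"]:
                status = i["state"] + (f" ({i['qualifier']})" if i["qualifier"] else "")
                out.append((host, info["unit"], i["name"], status))
    return out

if __name__ == "__main__":
    print(*unsettled(parse_failover(SAMPLE)), sep="\n")
```

Running it against output collected from both units makes it easy to see whether each side reports the same interfaces as unsettled.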