07-09-2012 06:56 AM - edited 03-11-2019 04:28 PM
Hi All,
I'm fairly new to ASA management so would appreciate some feedback here. I have a single firewall at a remote site that is quickly becoming more mission ciritical. To remove the single point of failure I have a second identical unit I intend to install as a standby unit in an Active/Standby failover configuration.
I think i've got the jist of the failover configuration on the active and the standby but, my question is this;
How much config do I need to have on the new standby unit before it will talk to the active unit and sunchronise the config? I'm guessing it'll need the following configured;
If someone with some expereince of this could offer some advise i'd be very grateful.
Thanks in advance!
07-09-2012 07:27 AM
All you need is the failover configuration and connecting the interfaces to the switch, and make sure that the failover unit is secondary.
You don't need the clock nor the AAA configuration as the configuration will get synchronised from the active unit.
07-09-2012 07:41 AM
Hi David,
This goes on the primary active device, please make changes, as per physical your port and ip availablity, those highlighted key-word is user's defined you can put whatever meaningful name.
Interface GigabitEthernet0/3
description LAN/STATE Failover Interface
no shutdown
exit
no failover link
failover lan interface STATE-SYNC GigabitEthernet0/3
failover interface ip STATE-SYNC 10.0.0.1 255.255.255.252 standby 10.0.0.2
failover key your-password-goes-here-whatever-it-maybe
failover link STATE-SYNC
failover replication http
failover lan unit primary
failover lan enable
failover
----------------------------
This goes on the failover unit.
no failover link
no failover lan interface
interface GigabitEthernet0/3
no nameif
no shutdown
exit
failover key your-password-goes-here-whatever-it-maybe
failover lan interface STATE-SYNC GigabitEthernet0/3
failover interface ip STATE-SYNC 10.0.0.1 255.255.255.252 standby 10.0.0.2
failover lan unit secondary
failover lan enable
failover
exit
show failover
Hope this helps.
thanks
Rizwan Rafeek
07-09-2012 08:20 AM
Hi David,
I thought I should have mentioned this as well. When you configured the active and standby failover configuration, the standby device will synchronize the whole configuration from active FW, so all you need is a minimum configuration on standby unit as shown above.
thanks
Rizwan Rafeek
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: