Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
310
Views
0
Helpful
1
Replies

ASA problem

followurself
Level 1
Level 1

‎06-08-2007 08:26 AM - edited ‎03-11-2019 03:27 AM

I want to configure a active/active failover using asa5520 and ips ssm module in it

wht i have tried but before that i will connecting the interfaces of these firewalls to a 3548 switch

wht i hv tried

asa1---g/0 goes to a 3548A switch

asa1---g0/3 is the stateful and failover link

asa1- g0/1 is connected to 3548B

asa1---g0/2 connected to 3548C

asa2--g/0 goes to 3548 switch

asa2- g0/3 is the stateful and failover link

asa2--g0/1 is connected to 3548B

asa2---g0/2 connected to 3548C

create 2 context OL and UA

the configuration is as such

asa1---

failover

failover lan unit primary

failover lan interface LAN-fo GigabitEthernet0/3

failover polltime unit 1 holdtime 5

failover link LAN-fo GigabitEthernet0/3

failover interface ip LAN-fo 172.16.1.117 255.255.255.252 standby 172.16.1.118

failover group 1

preempt

failover group 2

secondary

preempt

context OL

description Virtual Firewall For ONLINE APPS

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/1

allocate-interface Management0/0

config-url disk0:/ol.cfg

join-failover-group 2

!

context UA

description Virtual Firewall For UAT

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/2

allocate-interface Management0/0

config-url disk0:/ua .cfg

join-failover-group 1

asa2---

failover

failover lan unit secondary

failover lan interface LAN-fo GigabitEthernet0/3

failover polltime unit 1 holdtime 5

failover link LAN-fo GigabitEthernet0/3

failover interface ip LAN-fo 172.16.1.117 255.255.255.252 standby 172.16.1.118

failover group 1

preempt

failover group 2

secondary

preempt

as you can see g0/0 is shared ad connected to 3548 A switch, i must see 4 mac address on switch for the interfaces they connect

so asa1 --g0/0---3458 port4------3458 port 6-----g0/0----asa2

teh ip address on g0/0 of asa1 is

for context OL

ip address 192.168.18.135 255.255.255.0 standby 192.168.18.136

for UA

ip address 192.168.17.135 255.255.255.0 standby 192.168.17.136

the default gatewys are 192.168.18.1

now from the primary firewall going to context UA

i can ping the gateway 192.168.18.1

but when i go to OL

i cant ping 192.168.18.1

the 3548A switch maintains 4 macs..but sometime it losses the mac

icant understand why i cant ping from context OL its defalut gatewway

the problem doesnt come with interfaces g0/1 and g0/2 because they are not sahred.but i guess it the way its configured

Anybody

Labels:
0 Helpful
1 Reply 1

b.hsu
Level 5
Level 5

‎06-14-2007 05:38 AM

Try this:

To bootstrap the secondary unit in an Active/Active failover configuration,

perform the following steps:

----------------------------------------------------------------------------

----

Step 1 (PIX security appliance platform only) Enable LAN-based failover.

hostname(config)# failover lan enable

Step 2 Define the failover interface. Use the same settings as you used for

the primary unit.

a. Specify the interface to be used as the failover interface.

hostname(config)# failover lan interface if_name phy_if

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card