08-19-2015 08:19 AM - edited 03-11-2019 11:27 PM
Hi All,
We currently have a Cisco 5525x with 10 context, and am looking to put a secondary 5525x as a HA.
So both to run both context as active active.
The primary ASA is up and running. So what is needed to get the other 5525x which is not configured to join the active active and sync all configure from the primary?
Thanks,
Solved! Go to Solution.
08-19-2015 09:18 AM
Hello;
Configure the regular failover on the primary unit. Check which of the contexts will be active in one unit and another (using the failover groups). Once that is done, configure the failover link to the seconary Unit, wait until it replicates and then manually move some of the contexts to the secondary firewall (it is not done automatically unless you have the preempt command).
Here is some documentation about it:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91336-pix-activeactive-config.html
Its a bit old but same concept applies, commands, etc.
Mike.
08-19-2015 09:18 AM
Hello;
Configure the regular failover on the primary unit. Check which of the contexts will be active in one unit and another (using the failover groups). Once that is done, configure the failover link to the seconary Unit, wait until it replicates and then manually move some of the contexts to the secondary firewall (it is not done automatically unless you have the preempt command).
Here is some documentation about it:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91336-pix-activeactive-config.html
Its a bit old but same concept applies, commands, etc.
Mike.
08-20-2015 01:59 AM
Hi Mike,
Perfect, Thank you!
Mohammed
08-20-2015 04:30 AM
Hi Mike,
I have one more question.
As the Actice/Active with be multi-context.
Each context has its own inside and outside ip addresses. like Inside interface has sub-interfaces on G0/1 with a private ip and all contexts have their own public on their outside interface which is gi0/0.
Do I need to configure standby IP on all interfaces assigned to all contexts?
Thanks
Mohammed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide