Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
3
Replies

Cisco Active/standby failover configuration using mgt interface

prajoth
Level 1
Level 1

‎04-15-2009 08:30 AM - edited ‎03-11-2019 08:19 AM

Hi

Any one Can help me to configure ASA active standby configuration, here I want to use mgt interface for both failover and state full failover link, why because all of my other interfaces are been used for

Production (internal, external, dmz, wan), that leaves me the mgmt port to for the failover. My “primary” ASA is fully configured and up and running. My "secondary" ASA has just been taken out of the box

What do I need to do on the out of box "secondary" firewall, to prepare it, so the primary can talk to secondary , do I use console for initial configuration on secondary ASA

interface Management0/0

nameif management

security-level 100

ip address 192.168.100.1 255.255.255.0

management-only

how do I change management interface to normal interface for failover?

interface Management0/0

no nameif

no security-level

no ip address

please correct above syntax

failover

failover lan unit secondary

failover lan interface failover management0/0

failover lan enable

failover key cisco

failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2

Failover interface ip state ? 255.255.255.0 standby ?

Labels:
0 Helpful
3 Replies 3

franciscogonzalo
Level 1
Level 1

‎04-15-2009 08:30 AM

ASA - 1

failover

failover lan unit primary

failover lan interface lan-asa5520-ha Management0/0

failover link lan-asa5520-ha Management0/0

failover interface ip lan-asa5520-ha 192.168.168.1 255.255.255.252 standby 192.168.168.2

ASA - 2

failover

failover lan unit secondary

failover lan interface lan-asa5520-ha Management0/0

failover link lan-asa5520-ha Management0/0

failover interface ip lan-asa5520-ha 192.168.168.1 255.255.255.252 standby 192.168.168.2

Good Luck

0 Helpful

prajoth
Level 1
Level 1
In response to franciscogonzalo

‎04-20-2009 09:50 PM

thaks,

what about the statefull failover ? can i use the same link for satefull failover in that case what will be the ip address for that ?

regards

0 Helpful

vikram_anumukonda
Level 3
Level 3
In response to prajoth

‎04-20-2009 10:35 PM

in addition to the code posted, make sure you issue the command " no management-only" under the management interface to make it behave like a normal interface.

the stateful failover ip-address will be the same as the lan-based failover ip-address.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card