Solved: Re: Cisco ASA 5545 - Add a Failover unit

hmartinez05 · ‎04-18-2018

Hello,

Question about configuring an Active/Failover build

We already have a 5545 in place, configured and running, but it is a single unit, with no redundancy.

I want to explore adding another node and re configuring, this and the new firewall into an active/passive state.

My question is - If my current unit is already configured, can I easily add another firewall as the passive unit, or is it best practice to wipe the current build, and rebuild as active/passive pair?

Bogdan Nita · ‎04-18-2018

You don't need to wipe the config.
Here are the steps that I usually use to setup a failover pair in such cases:

1.backup config
2.failover config on the primary ASA, but do not enable failover
3.clear the config on the secondary ASA
4.failover config on the secondary ASA and enable failover
5.connect the failover links

6.check interfaces and config and enable failover on the primary ASA

the secondary ASA should get the config from the primary and you should see it in standby ready mode

HTH

Bogdan

View solution in original post

Bogdan Nita · ‎04-18-2018

You don't need to wipe the config.
Here are the steps that I usually use to setup a failover pair in such cases:

1.backup config
2.failover config on the primary ASA, but do not enable failover
3.clear the config on the secondary ASA
4.failover config on the secondary ASA and enable failover
5.connect the failover links

6.check interfaces and config and enable failover on the primary ASA

the secondary ASA should get the config from the primary and you should see it in standby ready mode

HTH

Bogdan