Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2566
Views
10
Helpful
5
Replies

Cisco ASA - Configuration of Active standby failover

Go to solution
LovejitSingh1313
Level 1
Level 1

‎08-25-2020 04:29 PM

Hello Experts

I want to configure two ASA in failover. Right Now both primary ASA is working and I connected secondary ASA with Internet and LAN and DMZ interface and configured the interfaces but nothing else is configured as it will get config from the primary. Please advise step by step with configuration.

Also, what is the command to switch the Active firewall to standby and vice-versa?(I do not want to change the role from Primary to Secondary of the unit instead just want to switch Active to standby manually)

Thanks,

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to LovejitSingh1313

‎08-25-2020 05:35 PM

Those interfaces not configured to monitor - if it is your requirement enable to monitor

 

failover trigger places based on criteria met :

 

https://community.cisco.com/t5/security-documents/asa-interface-monitoring-in-failover-and-its-impact/ta-p/3144324

 

good HA document for reference - in case anything missing :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_failover.html#35064

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to LovejitSingh1313

‎08-26-2020 12:24 AM

Hi,

Monitored interfaces will trigger failover if any of them fail.
Non-monitored interfaces will not trigger failover if they fail.

**** please remember to rate useful posts

View solution in original post

5 Replies 5

Go to solution
LovejitSingh1313
Level 1
Level 1

‎08-25-2020 05:23 PM

Hello Guys @Rob Ingram  @balaji.bandi  @Marvin Rhoads @Georg Pauwen 

 

I configured failover by using following link and its working great. I was also able to switch standby unit to Active as well.

 

https://www.petenetlive.com/KB/Article/0000048

 

Failover is working great but i am not able to understand the #sh failover command output. Please see the Colored text and what does (Not-Monitored) means?

 

ciscoasa# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet0/5 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 1 of 61 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.12(2), Mate 9.12(2)
Serial Number: Ours 9AREQ9MVUPW, Mate 9ANWQD7GDN9
Last Failover at: 00:15:56 UTC Aug 26 2020
This host: Primary - Active
Active time: 185 (sec)
slot 0: ASAv hw/sw rev (/9.12(2)) status (Up Sys)
Interface outside (192.168.2.121): Normal (Monitored)
Interface inside (10.10.10.1): Normal (Not-Monitored)
Interface guestWIFI (20.20.20.1): Normal (Not-Monitored)
Other host: Secondary - Standby Ready
Active time: 303 (sec)
Interface outside (192.168.2.123): Normal (Monitored)
Interface inside (10.10.10.3): Normal (Not-Monitored)
Interface guestWIFI (20.20.20.3): Normal (Not-Monitored)

Stateful Failover Logical Update Statistics
Link : Unconfigured.

 

Thanks,

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to LovejitSingh1313

‎08-25-2020 05:35 PM

Those interfaces not configured to monitor - if it is your requirement enable to monitor

 

failover trigger places based on criteria met :

 

https://community.cisco.com/t5/security-documents/asa-interface-monitoring-in-failover-and-its-impact/ta-p/3144324

 

good HA document for reference - in case anything missing :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_failover.html#35064

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to LovejitSingh1313

‎08-26-2020 12:24 AM

Hi,

Monitored interfaces will trigger failover if any of them fail.
Non-monitored interfaces will not trigger failover if they fail.

**** please remember to rate useful posts

Go to solution
AmmarHermiz14196
Level 1
Level 1

‎09-04-2020 10:19 AM

Hi,

I have an ASA 5506-X want to configure it after a Verizon router model number (G1100). 
I have block of 5 static IP address.

Anything I need to change on Verizon Router?

 

I will appreciate your help with this.

 

Thanks, 

Ammar 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-04-2020 12:28 PM

I have never worked with that router , but it is possible as suggested below post : (if you can make ISP router in Bridge mode and make ASA as in path is good suggestion)

 

https://community.cisco.com/t5/network-security/asa-5505-with-fios/m-p/2296660/highlight/true

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card