Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1765
Views
5
Helpful
4
Replies

cisco ASA failover configuration

Go to solution
EthanIsenberg75263
Level 1
Level 1

‎01-25-2021 07:12 AM - edited ‎01-25-2021 08:33 AM

I currently run a ASA 5525-X in active/standby routed mode.

 

Is there a way to make the primary unit always be the active? Other firewall manufactures allow you to give the active and standby units a preempt priority level unique to each unit. When configuring my Palo Alto active/standby HA firewall I gave the primary unit a preempt priority of 5 and the standby unit a preempt priory of 10 (lower priority = preferred unit). This assures me that when the firewall is running normal with no issues with either unit, the Primary unit will always be the active unit. If I were to reload the primary unit - the secondary unit would be come active - once the primary unit has reloaded it would automatically become the active again due to having the lower preempt priority. When my environment is running normal I like to have the Primary unit be active  - I am able to do this with my juniper and palo Alto firewall using the preempt priority mechanism - not so with my cisco ASA. 

 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎01-25-2021 07:52 AM

Hi,

In ASA this is called preempt. Its available in multicontext mode. Its not
present in single context. Changing to multicontext is a major activity so
if you want to go that way, plan for it with outage window.

***** please remember to rate useful posts

View solution in original post

4 Replies 4

Go to solution
vsurresh
Level 1
Level 1

‎01-25-2021 07:44 AM

Hello.

As far as I know, A/S failover does not support preemption.

Preempt option is available on A/A failover.

 

 

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎01-25-2021 07:52 AM

Hi,

In ASA this is called preempt. Its available in multicontext mode. Its not
present in single context. Changing to multicontext is a major activity so
if you want to go that way, plan for it with outage window.

***** please remember to rate useful posts

Go to solution
AViftrup
Level 1
Level 1

‎01-25-2021 09:32 AM

As mentioned above, it's not possible in single context. 

 

It's basically irrelevant to the running system whatever system is the active one, it's only a matter of display. I get it might be annoying, but it doesn't have any technical differences. 

0 Helpful

Go to solution
EthanIsenberg75263
Level 1
Level 1

‎01-25-2021 10:01 AM

Thanks everyone

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card