10-31-2016 11:21 AM - edited 03-12-2019 01:28 AM
It has been a few years since I added a second ASA to an active one that was not configured for failover. I forget the order to activate failover. I remember the first time doing this I goofed and the secondary unit, which had nothing but failover configured kept overwriting the primary unit.
So I have a 5510 with failover configured and it is enabled. Do I add in the second ASA by first enabling the management(failover) interface, verifying that it can ping the primary, keep all the other interfaces disabled and then commit the failover command? I already have the base failover configured, and there are certs on the primary that need to be pushed to the secondary. Once the primary finishes pushing the configuration to the standby, then enable the interfaces? Since the active unit is already enabled, I shouldn't see any downtime for this, or will I?
11-01-2016 03:45 PM
Here's the cut sheet I use.
On PRIMARY
============================================================
failover lan unit primary
failover lan interface FAILOVER-INTF GigabitEthernet0/6
failover link STATEFUL-FAILOVER-INTF GigabitEthernet0/7
failover interface ip FAILOVER-INTF 169.254.254.1 255.255.255.252 standby 169.254.254.2
failover interface ip STATEFUL-FAILOVER-INTF 169.254.254.5 255.255.255.252 standby 169.254.254.6
failover ipsec pre-shared 0 SeCrEtKeY
On SECONDARY
============================================================
failover lan unit secondary
failover lan interface FAILOVER-INTF GigabitEthernet0/6
failover link STATEFUL-FAILOVER-INTF GigabitEthernet0/7
failover interface ip FAILOVER-INTF 169.254.254.1 255.255.255.252 standby 169.254.254.2
failover interface ip STATEFUL-FAILOVER-INTF 169.254.254.5 255.255.255.252 standby 169.254.254.6
failover ipsec pre-shared 0 SeCrEtKeY
PROCEDURES
============================================================
On PRIMARY
--------------------
failover
On Secondary
--------------------
failover
On PRIMARY
-------------------
monitor interface [nameif]
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide