Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3065
Views
20
Helpful
5
Replies

Failover testing on a Multi Context ASA

Go to solution
NeWGuy1109
Level 1
Level 1

‎09-26-2019 09:55 AM - edited ‎02-21-2020 09:31 AM

Hello,

 

I want to understand the best and recommended way to initiate failover on a multi context ASA operating in Active/Standby Mode with 3 contexts. Failover testing is required for all contexts at once.

 

Does doing a "failover active" on the system context of the standby mode is the correct way to do this ?

 

Thanks

1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to NeWGuy1109

‎09-27-2019 11:09 AM

In Cisco ASA, when you do Multi-context, Active / Active means, both the ASA are Active mode.

But each context will be active / Standby by default.

 

you do same failover as normally you do if you have group you can do failover group.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-26-2019 09:58 AM

You need to understand where the Active one, where you want to failover

 

take example :

 

FW 1 active for Context A

FW 2 Standby  for Context A

 

So you need to decide all context to Move to FW 1 or 2, so based on the decision failover context group.

 

what is the reason of this test case ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
NeWGuy1109
Level 1
Level 1
In response to balaji.bandi

‎09-26-2019 10:04 AM

Thanks for the reply,

At the moment Contexts A,B,C where A is the system context are active on Primary Member
The requirement is to move contexts A,B,C to Secondary Member by making it as Active and moving all the traffic thorough Secondary Member (which becomes Active after Failover).
Is it required to be done through Failover Groups ? cant it be done by issuing failover active on the system context of secondary member ?

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to NeWGuy1109

‎09-26-2019 12:53 PM

it all depends on how you configured your Active/Active Firewall setup.

 

suggest to read this document for more clarty and choose best method work for you.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ha_active_active.html#16098

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
NeWGuy1109
Level 1
Level 1
In response to balaji.bandi

‎09-26-2019 10:06 PM

Its not an active/active failover ...its in active/standy which is already configured...it has to be tested for failover functionality by switching traffic from Primary device to Secondary device
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to NeWGuy1109

‎09-27-2019 11:09 AM

In Cisco ASA, when you do Multi-context, Active / Active means, both the ASA are Active mode.

But each context will be active / Standby by default.

 

you do same failover as normally you do if you have group you can do failover group.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card