12-21-2018 09:19 AM - edited 02-21-2020 08:35 AM
Hello,
We've an ASA running on a FPR-2110 with a single Site-To-Site VPN. We need to create redundancy by adding another ASA/FPR-2110. What's the best way to accomplish this?
Thanks in advance,
~zK
12-21-2018 11:04 AM
12-24-2018 09:12 AM
Thanks for the info, Mohammed!
When you say "enabling stateful FO between the FWs", is there a specific command that I will need to run? I couldn't find any references to such commands in Cisco's documentation.
Here are the statements I'll be implementing:
Primary ASA:
failover lan unit primary
failover lan interface failover Ethernet0/3
failover key xxxxxxxxxxxxx
failover link failover Ethernet0/3
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2
interface Ethernet0/3
no shut
failover
---------------------------------------------------------------------------------
Secondary ASA
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key xxxxxxxxxxxxx
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover link failover Ethernet0/3
interface Ethernet0/3
no shut
failover
Thanks in advance,
~zK
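A pre-deployment check for a failover pair like the one in this post, as an added example that is not part of the original thread: it parses the `failover` statements of two units and reports any that disagree, applying the rule that the secondary's failover bootstrap must match the primary's except for `failover lan unit`. The function names and both sample configurations are constructed for illustration.

```python
# Added example. PRIMARY and SECONDARY are constructed samples, not device output.
PRIMARY = """\
failover lan unit primary
failover lan interface failover Ethernet0/3
failover key EXAMPLE-KEY-A
failover link failover Ethernet0/3
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover
"""
SECONDARY = """\
failover lan unit secondary
failover lan interface folink GigabitEthernet0/3
failover key EXAMPLE-KEY-B
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover link failover Ethernet0/3
failover
"""

def parse_failover(config):
    """Collect the 'failover ...' statements of one unit into a dict."""
    out = {"enabled state": False, "interface ip": {}}
    for line in config.splitlines():
        w = line.split()
        if w[:1] != ["failover"]:
            continue  # not a failover statement (e.g. 'interface ...', 'no shut')
        if len(w) == 1:
            out["enabled state"] = True
        elif w[1:3] == ["lan", "unit"] and len(w) == 4:
            out["unit"] = w[3]
        elif w[1:3] == ["lan", "interface"] and len(w) == 5:
            out["lan interface"] = (w[3], w[4].lower())
        elif w[1:3] == ["interface", "ip"] and len(w) > 4:
            out["interface ip"][w[3]] = tuple(w[4:])
        elif w[1] == "link" and len(w) == 4:
            out["link"] = (w[2], w[3].lower())
        elif w[1] == "key" and len(w) == 3:
            out["key"] = w[2]
    return out

def check_pair(cfg_a, cfg_b):
    """Return mismatches between two units; key values are never echoed."""
    a, b = parse_failover(cfg_a), parse_failover(cfg_b)
    issues = []
    if {a.get("unit"), b.get("unit")} != {"primary", "secondary"}:
        issues.append("unit roles must be one primary and one secondary")
    for name in ("lan interface", "link", "key", "interface ip", "enabled state"):
        if a.get(name) != b.get(name):
            issues.append(f"{name} differs between units")
    return issues
```

Calling `check_pair(PRIMARY, SECONDARY)` on the samples reports the differing LAN interface and the differing key; an empty list means the two bootstraps agree.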
12-21-2018 12:56 PM
12-24-2018 09:13 AM
Thanks, Abeesh for sharing. The document was very helpful!
Best, ~zK
12-23-2018 04:13 AM
Note that ASA on Firepower 2100 series only has Management and Eth1/2 and 1/2 interfaces enabled by default. If you want more (for HA reasons or anything else), you will need to assign and enable them from Firepower Chassis Manager first.
12-24-2018 09:14 AM
Good point, Marvin!
I've made it a practice when configuring the FirePower to enable all interfaces in the FXOS and put them in admin shut on the ASA.
Best, ~zK