cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1192
Views
0
Helpful
9
Replies
Highlighted
Beginner

FPR2120-ASA-K9 failover configuration

Hi All,

I have FPR2120-ASA license and with this software:

1. Cisco Adaptive Security Appliance Software Version 9.8(2) 

2. Device Manager Version 7.8(2)

 

i am new in security section my questions are:

1. how to configure fail over between two ASAs?

2. what is the recommended image?

3.. if i want to migrate the VPN configuration from  ASA5550 version 9.1(7)21, is there any tool or the same configuration i can copy ti the FPR2120 ?

 

Thanks,

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Here's a link to the section in the "Cisco ASA for Firepower 2100 Series Getting Started Guide:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/fp2100/asa-2100-gsg/getting-started.html#id_55142

 

As it notes:

 

"By default, the Management 1/1, Ethernet 1/1, and Ethernet 1/2 interfaces are physically enabled for the chassis and logically enabled in the ASA configuration. To use any additional interfaces, you must enable it for the chassis using this procedure, and then later enable it in the ASA configuration."

 

Once you assigned and enabled the interfaces from FCM, they are available to configure and use on your ASA logical device.

View solution in original post

Highlighted

You can use any available interface except management. The interface must be dedicated for failover purpose.

 

Reference:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/ha-failover.html#ID-2107-0000004d

View solution in original post

9 REPLIES 9
Highlighted
Beginner

I tried to configure failover on eth1/3 but the link not coming up, the link is direct connected. anyone has idea

Highlighted

A Firepower 2100 series running an ASA image (as opposed to FTD) has two management systems. You manage the physical chassis (including assignment of physical interfaces to the ASA and enabling them) from the Firepower Chassis Manager GUI.

 

You then manage the ASA logical device just like a regular ASA, including when you want to build a HA pair with a mate.

Highlighted

Hi Marvin,

i am accessing via console via connect asa command, but the problem only interface eth1/1 and eth1/2 is coming up when i connected back to back cable on eth1/3-8 the port not coming up ?

 

is there any configuration need to do it?

Highlighted

You need to use the Firepower Chassis Manager to assign and enable the interfaces to the ASA logical device.

Highlighted

do you have any document explain the steps ?

 

Thanks

Highlighted

Here's a link to the section in the "Cisco ASA for Firepower 2100 Series Getting Started Guide:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/fp2100/asa-2100-gsg/getting-started.html#id_55142

 

As it notes:

 

"By default, the Management 1/1, Ethernet 1/1, and Ethernet 1/2 interfaces are physically enabled for the chassis and logically enabled in the ASA configuration. To use any additional interfaces, you must enable it for the chassis using this procedure, and then later enable it in the ASA configuration."

 

Once you assigned and enabled the interfaces from FCM, they are available to configure and use on your ASA logical device.

View solution in original post

Highlighted

Hi Marvin,

Thanks a lot for your answer, one more question can i use any interface for failover.

 

Thanks again.

 

 

Highlighted

You can use any available interface except management. The interface must be dedicated for failover purpose.

 

Reference:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/ha-failover.html#ID-2107-0000004d

View solution in original post

Highlighted

Hi Marvin,
Many thanks for you assistant.
Thanks
Content for Community-Ad