Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
0
Helpful
6
Replies

Help needed in ASA 5540 Cluster/Failover setup

Hidayat Khan
Level 1
Level 1

‎11-08-2013 01:32 PM - edited ‎03-11-2019 08:02 PM

Hello expert,

                    Currently we have two asa in our Datacenter setup as a Active/Standby failover setup and tested ie failover is working,(if one FW goes down), but what if a the uplink switches/links or backend switches go down, how does the active fw knows to failover ?

Current setup

          |                                        |

    ___|___                              __|___

---| SW 1 |------------------------ | Sw2   |     

    ----------                              -----------

          |                                        |

    ___|___                              __|___

---| FW 1 |------------------------ | FW-2 |     

    ----------                              ----------

          |                                        |

    ___|___                              __|___

---| SW 1 |------------------------ | Sw2   |     

    ----------                              -----------

In the above figure, FW1 is active and I have powerd off the uplink  SW1, but the FW2 did not take over, and the same for backend switches, So how do I configure my FW's so that any of the uplink or back end switches go down, the Active should give its role to standby to forward the traffice from a different switch ie sw2 in case sw1 goes down.

Or Is there any mechanisim where I can monitor the interfaces ie uplinks or back end links etc ?

Your help is appreciated.

Regards

Labels:
0 Helpful
6 Replies 6

jumora
Level 7
Level 7

‎11-08-2013 01:48 PM

It seems that you have LAN link directly connected between the boxes, so the unit will determine that Primary/Active has interfaces that are inactive and failover. You should read:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

This link gives you the failover triggers and failover actions.

Value our effort and rate the assistance!
0 Helpful

Hidayat Khan
Level 1
Level 1
In response to jumora

‎11-09-2013 04:08 AM

Thanks Jumora,

                        I will have a look into this and will let you know.

H Khan

0 Helpful

Karsten Iwen
VIP
VIP

‎11-09-2013 12:51 AM

if the failure of a directly connected device (that results in a link-down event on the ASA) doesn't trigger the failover it's nearly always a misconfiguration of the "monitor-interface" commands where the config tells the ASA that an interface is not "important enough" to trigger a failover.

Sent from Cisco Technical Support iPad App

0 Helpful

Hidayat Khan
Level 1
Level 1
In response to Karsten Iwen

‎11-09-2013 04:09 AM

Thanks Karsten,

                        I will have a look into this and will let you know.

H Khan

0 Helpful

jumora
Level 7
Level 7
In response to Hidayat Khan

‎11-09-2013 09:17 PM

Please rate our assistance!!!

Value our effort and rate the assistance!
0 Helpful

jumora
Level 7
Level 7
In response to jumora

‎11-12-2013 11:03 AM

any progress on this?

Value our effort and rate the assistance!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card