11-21-2011 03:38 PM - edited 03-11-2019 02:53 PM
Hello,
I have a single production 5510 with 2 contexts. Now I want to integrate the secondary failover unit. My question is: How much configuration needs to be done on the secondary firewall? How much of the configuration will be sync'd from the primary to the secondary when the secondary is connected?
For example, do I need to add the following on the secondary or will it be sync'd from the primary?
admin-context NAME
context NAME
allocate-interface Ethernet0/0.14
allocate-interface Ethernet0/0.200
allocate-interface Ethernet0/1.23-Ethernet0/1.24
allocate-interface Management0/0
config-url disk0:/NAME.cfg
!
context CONTEXT1
allocate-interface Ethernet0/0.104
allocate-interface Ethernet0/1.500
config-url disk0:/CONTEXT1.cfg
Thanks
Solved! Go to Solution.
11-22-2011 12:26 PM
Hi Greg,
Before I physically connect the standby firewall I should run the: "failover" command on the primary firewall, right?
You can introduce the secondary (standby) device in the network ; however enable the "failover" command on the primary firewall first.
The following line: "failover interface ip ASA-Failover 10.0.1.1 255.255.255.252 standby 10.0.1.2" is configured the same on both primary and secondary firewall, right?
Yes , absoultely correct
Hope this helps !
Regards
Ankur
11-21-2011 09:02 PM
Hi Greg,
As a first step , ensure that the secondary unit is configured in multiple mode and all physical interfaces are unshut following which you need to just configure the below commands in the system execution space and nothing else.
failover lan unit secondary
failover lan interface FO Ethernet3-> considering that this is the interface you are using for failover link
failover key *****
failover interface ip FO 10.1.1.1 255.255.255.0 standby 10.1.1.2
failover--> enter this command at last
Please go through the below link and navigate to "Secondary Unit Configuration" section under the heading LAN-Based Active/Active Failover Configuration
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml
After you enable failover, the active unit sends the configuration in running memory to the standby unit and the complete configuration of the primary (including the one which you have mentioned) gets replicated to secondary unit
Regards
Ankur
11-22-2011 11:06 AM
Thanks Ankur,
Good information. I have a few more questions.
Before I physically connect the standby firewall I should run the: "failover" command on the primary firewall, right?
The following line: "failover interface ip ASA-Failover 10.0.1.1 255.255.255.252 standby 10.0.1.2" is configured the same on both primary and secondary firewall, right?
11-22-2011 12:26 PM
Hi Greg,
Before I physically connect the standby firewall I should run the: "failover" command on the primary firewall, right?
You can introduce the secondary (standby) device in the network ; however enable the "failover" command on the primary firewall first.
The following line: "failover interface ip ASA-Failover 10.0.1.1 255.255.255.252 standby 10.0.1.2" is configured the same on both primary and secondary firewall, right?
Yes , absoultely correct
Hope this helps !
Regards
Ankur
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide