ASA 5520 Active/standby failover

Discussion in 'Cisco' started by UBEST, Apr 20, 2007.

  1. UBEST

    UBEST Guest

    Hello there,

    For failover setup, do we need to turn on the interface on the secondary
    unit with the no shutdown command?

    Here is an example from my homework. Is there anything that needs to be
    fixed? Any suggestions?

    TIA.

    Primary Unit Configuration
    --------------------------

    hostname pixfirewall
    enable password myenablepassword
    password mypassword
    interface GigabitEthernet0/0 security 0
    nameif outside
    ip address 109.23.18.2 255.255.255.0 standby 109.23.18.3
    no shutdown
    interface GigabitEthernet0/1 security 100
    nameif inside
    ip address 10.10.10.1 255.255.192.0 standby 10.10.10.2
    no shutdown
    interface GigabitEthernet0/2 security 40
    description LAN Failover Interface
    no shutdown
    interface GigabitEthernet0/3 security 50
    no shutdown
    description STATE Failover Interface

    telnet 10.10.10.0 255.255.255.0 inside

    access-list acl_out permit tcp any host 109.23.18.31 eq 80
    failover
    failover lan unit primary
    failover lan interface failover GigabitEthernet0/2
    ! failover lan enable
    ! The failover lan enable command is required on the PIX security appliance only.
    failover polltime unit msec 200 holdtime msec 800
    failover key key1
    failover link state GigabitEthernet0/3
    failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
    failover interface ip state 192.168.253.1 255.255.255.0 standby 192.168.253.2
    failover mac address GigabitEthernet 0/0 active_Mac Standby_Mac
    failover mac address GigabitEthernet 0/1 active_Mac Standby_Mac
    failover replication http

    global (outside) 1 109.23.18.5 netmask 255.255.255.0
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 109.23.18.31 10.10.10.31 netmask 255.255.255.255 0 0
    access-group acl_out in interface outside
    route outside 0.0.0.0 0.0.0.0 109.23.18.1 1




    Example 8: Secondary Unit Configuration
    failover
    failover lan unit secondary
    failover lan interface failover GigabitEthernet0/2
    !failover lan enable
    ! The failover lan enable command is required on the PIX security appliance only.
    failover key key1
    failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
    UBEST, Apr 20, 2007
    #1

  2. UBEST

    Darren Green Guest

    "UBEST" <> wrote in message
    news:...
    > Hello there,
    >
    > For failover setup, do we need to turn on the interface on the secondary
    > unit with the no shutdown command?
    >
    > Here is an example from my homework. Is there anything that needs to be
    > fixed? Any suggestions?
    >
    > TIA.
    >

    Hi.

    An interface that was shut down would not be able to communicate with
    another, so yes.

    There is a raft of information on Cisco relating to what is and isn't
    required for configuring failover between ASAs and/or PIXes. A good link
    is
    Darren Green, Apr 21, 2007
    #2

  3. UBEST

    Darren Green Guest

    >
    > An interface that was shut down would not be able to communicate with
    > another, so yes.
    >
    > There is a raft of information on Cisco relating to what is and isn't
    > required for configuring failover between ASAs and/or PIXes. A good
    > link is
    >
    >

    Clicked send a bit too quickly there :)
    Darren Green, Apr 21, 2007
    #3
  4. UBEST

    UBEST Guest

    That's what I thought too. I just don't know why Cisco doesn't include
    it on their Sample Configuration. Thanks. It works great with two ASA
    5520 failover. First time I did the configuration.

    Cheers.

    On Sat, 21 Apr 2007 09:21:07 +0100, "Darren Green"
    <> wrote:

    >
    >"UBEST" <> wrote in message
    >news:...
    >> Hello there,
    >>
    >> For failover setup, do we need to turn on the interface on the secondary
    >> unit with the no shutdown command?
    >>
    >> Here is an example from my homework. Is there anything that needs to be
    >> fixed? Any suggestions?
    >>
    >> TIA.
    >>

    >Hi.
    >
    >An interface that was shut down would not be able to communicate with
    >another, so yes.
    >
    >There is a raft of information on Cisco relating to what is and isn't
    >required for configuring failover between ASAs and/or PIXes. A good link
    >is
    >
    UBEST, Apr 22, 2007
    #4
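
The point settled in this thread, as an added example (not part of any post and not Cisco's sample configuration): a Python check that the port named in `failover lan interface` is enabled on each unit and that the failover key and failover interface address match between the units. The sample configs are constructed from the one posted above; the names `parse` and `check_pair` are hypothetical, and treating a port without an explicit `no shutdown` as down is an assumption.

```python
# Constructed sample input, reduced from the configuration posted in the thread.
SHARED = """\
failover lan interface failover GigabitEthernet0/2
failover key key1
failover interface ip failover 192.168.254.1 255.255.255.0 standby 192.168.254.2
"""
PORT_UP = "interface GigabitEthernet0/2\nno shutdown\n"
PRIMARY = PORT_UP + "failover\nfailover lan unit primary\n" + SHARED
SECONDARY_AS_POSTED = "failover\nfailover lan unit secondary\n" + SHARED
SECONDARY_FIXED = PORT_UP + SECONDARY_AS_POSTED   # enable the port first

SUBCOMMANDS = ("nameif", "ip address", "description", "security-level",
               "shutdown", "no shutdown")

def parse(config):
    """Collect port state and failover settings from a flat, unindented paste."""
    unit, port = {"up": {}, "lan": None, "key": None, "ips": {}}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if words[0] == "interface":
            port = words[1]                        # start of a stanza
        elif port and line.startswith(SUBCOMMANDS):
            if line in ("shutdown", "no shutdown"):
                unit["up"][port] = line == "no shutdown"
        else:
            port = None                            # any other command ends it
            if words[:3] == ["failover", "lan", "interface"]:
                unit["lan"] = (words[3], words[4])  # (name, physical port)
            elif words[:2] == ["failover", "key"]:
                unit["key"] = words[2]
            elif words[:3] == ["failover", "interface", "ip"]:
                unit["ips"][words[3]] = words[4:]
    return unit

def check_pair(primary, secondary):
    """Return the problems that would keep the two units from pairing."""
    p, s, problems = parse(primary), parse(secondary), []
    for name, unit in (("primary", p), ("secondary", s)):
        # Assumption: a port with no explicit 'no shutdown' is down.
        if unit["lan"] and not unit["up"].get(unit["lan"][1]):
            problems.append(f"{name}: {unit['lan'][1]} lacks 'no shutdown'")
    if p["key"] != s["key"]:
        problems.append("failover key differs between units")
    lan = p["lan"][0] if p["lan"] else None
    if p["ips"].get(lan) != s["ips"].get(lan):
        problems.append("failover interface ip differs between units")
    return problems
```

`check_pair(PRIMARY, SECONDARY_AS_POSTED)` reports the missing `no shutdown` on the secondary's failover port; with `SECONDARY_FIXED` the list is empty.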