Jump to content


ASA Failover:

#ASA #Failover #CCSP #Security

  • Please log in to reply
2 replies to this topic

#1 qatarneh

qatarneh

    Newbie

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Amman-Jordan

Posted 08 January 2013 - 01:59 AM

Dears,

I am going to Configure the Failover, between 2 of ASA's, Active/Standby Failover.

Each ASA have 3 DMZ's, one of them on ethernet 0/0 "OUTSIDE", and two of them on ethernet 0/1 "Subinterface".

So each ASA must have 3 cables, two of them on switch, and one of them point to point between ASA's.

The general configuration:

ASA01:

interface Management0/0
description LAN/STATE Failover Interface

failover
failover lan unit primary
failover lan interface fail Management0/0
failover link fail Management0/0
failover interface ip fail 192.168.128.1 255.255.255.252 standby 192.168.128.2

ASA02:

interface Management0/0
description LAN/STATE Failover Interface

failover
failover lan unit secondary
failover lan interface fail Management0/0
failover link fail Management0/0
failover interface ip fail 192.168.128.1 255.255.255.252 standby 192.168.128.2

-----------------------------------------------------------------------------------------------------
So this we will work successfully !!!
If you have an opinion or idea, please send.

Regards,
  • 0

#2 FS

FS

    The Admin

  • Admin
  • PipPipPipPipPip
  • 1434 posts
  • Gender:Male
  • Location:downunder

Posted 22 January 2013 - 10:22 AM

speaking about asa failover, is there a special license required to be purchased to do this? we have one 5510 already in place and thinking on getting a second unit to build a failover scenario.



#3 qatarneh

qatarneh

    Newbie

  • Members
  • Pip
  • 6 posts
  • Gender:Male
  • Location:Amman-Jordan

Posted 22 January 2013 - 03:51 PM

speaking about asa failover, is there a special license required to be purchased to do this? we have one 5510 already in place and thinking on getting a second unit to build a failover scenario.

 

Yes there is special license required for failover on ASA 5510, Older versions of adaptive security appliance software required that the licenses match on each unit. Starting with Version 8.3(1), you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for Active/Standby failover, the secondary unit inherits the primary license when it becomes active. If you have licenses on both units, they combine into a single running failover cluster license.


  • 0





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users