April 26, 2018

Cisco :: Configuring ASAv Active/Standby Failover

(Last Updated On: 27th September 2017)

In this article, I will share the configurations used in the video below. The configurations enable one to configure Active/Standby ASAs with failover and redundant failover links. I have included the topology below as a reference.

 

ASAv1 Configurations

#Interface redundant 1

#Member-interface g0/0

#Member-interface g0/1

#No shutdown

#Interface G0/0

#No shutdown

#Interface G0/1

#No shutdown

Configure failover settings on ASAv1

#Failover lan unit primary

#Failover lan interface redundant 1 (This is the interface used for the failover link)

#Failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)

#Failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2

#Failover key cisco (Key needs to match on both ASAs)

#Failover (Enables failover)

#Write memory (Save your configuration)

Configure Basic Device Settings

#Interface g0/2

#Nameif OUTSIDE

#Ip address 172.16.235.2 255.255.255.0 standby 172.16.235.3

#No shutdown

#Interface g0/3

#Nameif INSIDE

#Ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2

#No shutdown

#Route OUTSIDE 0.0.0.0 0.0.0.0 172.16.235.1

Configure ASAv2

#Interface redundant 1

#Member-interface g0/0

#Member-interface g0/1

#No shutdown

#Interface G0/0

#No shutdown

#Interface G0/1

#No shutdown

#Failover lan interface redundant 1 (This is the interface used for the failover link)

#Failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)

#Failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2

#Failover key cisco (Key needs to match on both ASAs)

#Failover (Enables failover)

#Write memory
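
An added example (not from the original post or from Cisco): a small Python check that reads both units' configurations and confirms that the failover key and failover interface ip lines match, that exactly one unit is primary, and that every standby address is a distinct host in the same subnet as its active address. It also flags a short or well-known failover key such as the lab value used here. The config excerpts are constructed from the commands on this page; the function names, the weak-key list and the 12-character minimum are assumptions of this example.

```python
import ipaddress
import re

# Constructed excerpts built from the commands on this page (not device output).
ASAV1 = """\
failover lan unit primary
failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2
failover key cisco
interface g0/2
 ip address 172.16.235.2 255.255.255.0 standby 172.16.235.3
interface g0/3
 ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2
"""
ASAV2 = """\
failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2
failover key cisco
"""
WEAK_KEYS = {"cisco", "password", "failover", "admin"}  # assumed sample list
MIN_KEY_LEN = 12                                         # assumed local policy
ADDR = re.compile(r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) standby (\d+\.\d+\.\d+\.\d+)")

def directive(cfg, prefix):
    """Return the text after the first line starting with prefix, else None."""
    for line in cfg.splitlines():
        line = line.strip().lstrip("#")
        if line.lower().startswith(prefix):
            return line[len(prefix):].strip()
    return None

def audit(primary, secondary):
    """Compare the two units' failover settings and return a list of findings."""
    findings = []
    key1 = directive(primary, "failover key")
    key2 = directive(secondary, "failover key")
    if key1 is None or key1 != key2:  # the key is compared case-sensitively
        findings.append("failover key missing or different between units")
    elif key1.lower() in WEAK_KEYS or len(key1) < MIN_KEY_LEN:
        findings.append("failover key is short or a well-known word")
    if directive(primary, "failover interface ip") != directive(secondary, "failover interface ip"):
        findings.append("failover interface ip differs between units")
    units = [(directive(c, "failover lan unit") or "").lower() for c in (primary, secondary)]
    if units.count("primary") != 1:
        findings.append("exactly one unit must be 'failover lan unit primary'")
    for cfg in (primary, secondary):
        for active, mask, standby in ADDR.findall(cfg):
            net = ipaddress.ip_network(f"{active}/{mask}", strict=False)
            if standby == active or ipaddress.ip_address(standby) not in net:
                findings.append(f"standby {standby} is not a distinct host in {net}")
    return findings
```

Calling `audit(ASAV1, ASAV2)` on the excerpts above returns a single finding, the weak failover key.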

Additional Configurations on ASAv1 (Optional)

#Prompt hostname state priority (Changes the command prompt to show which device is Active and which is Standby)

#Policy-map global_policy

#Class inspection_default

#Inspect ICMP (This command and the above two commands will allow ICMP to be inspected in the global policy)

Please watch the configuration video below for a better understanding.


Security Solutions Consulting Engineer @ Cisco - CCNA R&S/CCNA Security, CCDA & CCNP R&S - Currently working on CCIE Security. Sharing my knowledge and passion for technology. All views are mine and NOT of my company.
