Configure Active Standby Failover on Cisco Firewall

Design & Configure

Configuration General (15)

Design Corner (7)

DevOps (4)

Enterprise Routing (25)

Enterprise Switching (24)

Enterprise WAN (15)

LAN Security (2)

Network Security (33)

Network Services (3)

SD-WAN (3)

Cisco Firewall HA – ACTIVE STANDBY Failover

Technology: Firewall

Area: High Availability

Vendor: Cisco

Software: Cisco Adaptive Security Appliance (ASA)

Platform: Cisco ASA 5505, 5500, 5525

Description:

Active-Standby failover means that two units are working in an active-standby configuration where the active state is always present on one of the failover pairs. The other one is standby. Standby has an identical configuration as active and pools an active unit with keepalive packets. Based on the defined time, the failover condition is checked. If the failover condition is met, the standby unit becomes active and acquires an active IP address and MAC. The standby IP and MAC goes to the standby unit.

Code:

The basic failover configuration is presented below:

Primary unit
failover failover lan unit primary failover lan interface FAILOVER GigabitEthernet0/6 failover link STATEFULL GigabitEthernet0/7 failover interface ip FAILOVER 192.168.1.1 255.255.255.252 standby 192.168.1.2 failover interface ip STATEFULL 192.168.2.1 255.255.255.252 standby 192.168.2.2

Secondary unit
failover failover lan unit secondary failover lan interface FAILOVER GigabitEthernet0/6 failover link STATEFULL GigabitEthernet0/7 failover interface ip FAILOVER 192.168.1.1 255.255.255.252 standby 192.168.1.2 failover interface ip STATEFULL 192.168.2.1 255.255.255.252 standby 192.168.2.2

More information

Cisco ASA Active standby failover design

Author: Krzysztof Osmałek

Design & Configure

Cisco Firewall HA – ACTIVE STANDBY Failover

Description:

Code:

More information

Cisco Firepower up to 60% discount