
Active Standby Failover

Lesson 1/10 | Study Time: 120 Min

Task

• On Switch 02, configure int e1/0, e2/0, e3/0 in VLAN 2; int e1/1, e2/1 in VLAN 3; and int e1/2, e2/2, e3/2 in VLAN 4

• Configure R1 with IP 192.168.1.1/24 and R2 with IP 101.1.1.1/24

• Configure ASA01

• int e0: IP 192.168.1.10 and standby IP 192.168.1.11, with nameif ‘inside’ and security level ‘100’

• int e2: IP 101.1.1.10 and standby IP 101.1.1.11, with nameif ‘outside’ and security level ‘0’

• Do not configure anything on ASA02; just no shutdown int e0, int e1, int e2

• Run the failover commands and make ASA01 Active and ASA02 Standby

• Failover LAN interface name is FOVER, bound to interface e1

• Failover LAN IP is 7.7.100.100/24 and standby IP is 7.7.100.101

• Create an access list for ICMP allowing any traffic from the Outside interface

Explanation

Failover is a feature available on Cisco ASA that provides device redundancy, so that if one ASA fails, another ASA can take over its role.

Types of Redundancy

I. Device Redundancy

● Active Standby Failover

● Active Active Failover

II. Interface Redundancy

● Etherchannel

Failover types

1. Active Standby

● In this mode, one firewall is active and the other firewall is standby

● Active device is responsible for forwarding data traffic

● Can be done in both Single and Multiple mode

2. Active-Active failover

● In this mode, both ASAs will be in Active mode

● Can run only in Multiple Mode

● Device redundancy and load balancing are achieved

Configuration

On SW2


On R1

On R2

On ASA1 (do not configure int e1, just ‘no shut’ it)

On ASA02 (do not configure int e0, int e1, int e2, just ‘no shut’ them)

Failover commands on ASA1

• Set the unit role with “failover lan unit primary”

• Set the failover LAN name and interface

• Set the failover interface IP 7.7.100.100/24 and standby IP 7.7.100.101/24

Failover commands on ASA2

• No need to specify the failover unit, as by default the failover is in standby mode

• Set the failover LAN name and interface

• Set the failover interface IP 7.7.100.100/24 and standby IP 7.7.100.101/24

Check the interface IPs on both ASA1 and ASA2

Ping the failover link IP from ASA1 to ASA2

Run the “failover” command on both ASA1 and ASA2

Now the configuration replication occurs automatically

ASA1

ASA2

Command “show failover” (this should be in Active mode)

ACL on ASA1 (run command “prompt hostname state”)
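The steps above, written out as one configuration for both units. This is an added example, not the lesson's own configuration; the interface names Ethernet0, Ethernet1 and Ethernet2 (for e0, e1, e2) and the ACL name OUTSIDE_IN are assumptions, while the addresses and the FOVER name come from the task.

```cisco
! ===== ASA01 (becomes Active) =====
interface Ethernet0
 nameif inside
 security-level 100
 ip address 192.168.1.10 255.255.255.0 standby 192.168.1.11
 no shutdown
interface Ethernet2
 nameif outside
 security-level 0
 ip address 101.1.1.10 255.255.255.0 standby 101.1.1.11
 no shutdown
! Failover link: no nameif or ip address here, only bring it up
interface Ethernet1
 no shutdown
!
failover lan unit primary
failover lan interface FOVER Ethernet1
failover interface ip FOVER 7.7.100.100 255.255.255.0 standby 7.7.100.101
! Enable failover last, after the link settings are in place
failover
!
! Show the failover state in the CLI prompt
prompt hostname state
!
! ICMP from outside, as the task asks (OUTSIDE_IN is an assumed name)
access-list OUTSIDE_IN extended permit icmp any any
access-group OUTSIDE_IN in interface outside

! ===== ASA02 (becomes Standby) =====
! Only bring the interfaces up; addresses, nameif and the ACL
! arrive through configuration replication from ASA01
interface Ethernet0
 no shutdown
interface Ethernet1
 no shutdown
interface Ethernet2
 no shutdown
!
! Unit role is left at its default, as the lesson describes
failover lan interface FOVER Ethernet1
failover interface ip FOVER 7.7.100.100 255.255.255.0 standby 7.7.100.101
failover

! ===== Verification (exec mode, either unit) =====
show failover
```

The failover interface IP line is identical on both units: each unit selects the active or standby address according to its current role.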

Result

Ping from R1 to R2

Debug ip ICMP

On SW1 (shut int e1/0) then check ASA01

ASA1 (standby)

ASA2 (active)