Configuring Cisco ASA Active-Standby Failover using ASDM
In this post I will be configuring active –standby failover with Cisco ASA.I will using the wizard driven configuration which allows to understand each and every aspect of the configuration and it makes it easy to troubleshoot.
Prerequisites for Active/Standby Failover
Active/Standby failover has the following prerequisites:
•Both units must be identical ASAs that are connected to each other through a dedicated failover link and, optionally, a Stateful Failover link.
•Both units must have the same software configuration and the proper license.
•Both units must be in the same mode (single or multiple, transparent or routed).
I will be using the following simple topology to test my failover setup.
Configuration used in this topology
ASA 1(Active)
Public IP :- 192.168.50.100
Private IP : 10.10.10.1
Failover IP : 175.16.0.1
ASA 1(Active)
Public IP :- 192.168.50.200
Private IP : 10.10.10.2
Failover IP : 175.16.0.2
ASDM access is configured for 192.168.1.50 (Desktop PC).
Let’s begin the configuration by connecting the asdm to ASA and by going to Configuration > Device Management > High Availability
Click Launch High Availability and scalability Wizard
Choose Active/standby fail-over and Click Next
Enter the Peer IP address (Standby ASA Internal Interface) and Click Next
It will ask for the Standby ASA ASDM username and password, Once it provided and will complete the compatibility test.Click Next to continue
Provide the IP address for Active and standby ASA. Provide Secret key and Click next to continue.
You can monitor the status of the failover setup in Monitoring > Properties > Failover > Status. You also have the option of manually making a particular ASA active or passive depending on your need.
The Manual configuration wizard also provided below and you can see the same details here.
Now we can access the device over the network and no longer need to worry about a single point of failure.
0 comments:
Post a Comment