Configuring Cisco ASA Active/Standby Failover

In this article, I will share the configurations used in the within the video below. The configurations enable one to configure Active/Standby ASA’s with failover and redundant failover links.

<div data-draftjs-conductor-fragment="{"blocks":[{"key":"blqqm","text":"In this article, I will share the configurations used in the within the video below. The configurations enable one to configure Active/Standby ASA’s with failover and redundant failover links.","type":"unstyled","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"678nh","text":"","type":"unstyled","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"6vo2q","text":" ","type":"unstyled","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"87k7g","text":"ASAv1 Configurations","type":"header-two","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"1omrk","text":"interface redundant 1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":21,"style":"ITALIC"},{"offset":0,"length":21,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"968sv","text":"member-interface g0/0","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":21,"style":"ITALIC"},{"offset":0,"length":21,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"a1d2f","text":"member-interface g0/1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":21,"style":"ITALIC"},{"offset":0,"length":21,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"4qe4a","text":"no shutdown#Interface G0/0","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":26,"style":"ITALIC"},{"offset":0,"length":26,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"8phsm","text":"no shutdown#Interface G0/1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":26,"style":"ITALIC"},{"offset":0,"length":26,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"epe8n","text":"no shutdown","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":11,"style":"ITALIC"},{"offset":0,"length":11,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"dua95","text":"Configure failover settings on ASAv1","type":"header-two","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"binak","text":"failover lan unit primary","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":25,"style":"ITALIC"},{"offset":0,"length":25,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"6csb1","text":"failover lan interface redundant 1 (This is the interface used for the failover link)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":85,"style":"ITALIC"},{"offset":0,"length":85,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"66nia","text":"failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":105,"style":"ITALIC"},{"offset":0,"length":105,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"1oh6g","text":"failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":70,"style":"ITALIC"},{"offset":0,"length":70,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"1u8s8","text":"failover key cisco (Key needs to match on both ASA’s)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":53,"style":"ITALIC"},{"offset":0,"length":53,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"6mhm9","text":"failover (Enables failover)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":27,"style":"ITALIC"},{"offset":0,"length":27,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"fl9c6","text":"write memory (Save your configuration)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":38,"style":"ITALIC"},{"offset":0,"length":38,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"9r9nt","text":"Configure Basic Device Settings","type":"header-two","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"esncu","text":"interface g0/2","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":14,"style":"ITALIC"},{"offset":0,"length":14,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"7jq9f","text":"nameif OUTSIDE","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":14,"style":"ITALIC"},{"offset":0,"length":14,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"53d1f","text":"ip address 172.16.235.2 255.255.255.0 standby 172.16.235.3","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":58,"style":"ITALIC"},{"offset":0,"length":58,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"bv98","text":"no shutdown#Interface g0/3","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":26,"style":"ITALIC"},{"offset":0,"length":26,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"5i3ia","text":"nameif INSIDE","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":13,"style":"ITALIC"},{"offset":0,"length":13,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"er5lf","text":"ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":58,"style":"ITALIC"},{"offset":0,"length":58,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"8uaio","text":"no shutdown","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":11,"style":"ITALIC"},{"offset":0,"length":11,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"33b14","text":"route OUTSIDE 0.0.0.0 0.0.0.0 172.16.235.1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":42,"style":"ITALIC"},{"offset":0,"length":42,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"3h42b","text":"Configure ASAv2","type":"header-two","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"agl7k","text":"interface redundant 1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":21,"style":"ITALIC"},{"offset":0,"length":21,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"f03qv","text":"member-interface g0/0","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":21,"style":"ITALIC"},{"offset":0,"length":21,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"e2ibn","text":"member-interface g0/1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":21,"style":"ITALIC"},{"offset":0,"length":21,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"5kobi","text":"no shutdown","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":11,"style":"ITALIC"},{"offset":0,"length":11,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"9rl7u","text":"interface G0/0","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":14,"style":"ITALIC"},{"offset":0,"length":14,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"85nmk","text":"no shutdown","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":11,"style":"ITALIC"},{"offset":0,"length":11,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"a6n4f","text":"interface G0/1","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":14,"style":"ITALIC"},{"offset":0,"length":14,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"85s6i","text":"no shutdown","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":11,"style":"ITALIC"},{"offset":0,"length":11,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"3f90m","text":"failover lan interface redundant 1 (This is the interface used for the failover link)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":85,"style":"ITALIC"},{"offset":0,"length":85,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"38vjn","text":"failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":105,"style":"ITALIC"},{"offset":0,"length":105,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"2087p","text":"failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":70,"style":"ITALIC"},{"offset":0,"length":70,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"b8959","text":"failover key cisco (Key needs to match on both ASA’s)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":53,"style":"ITALIC"},{"offset":0,"length":53,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"k2ha","text":"failover (Enables failover)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":27,"style":"ITALIC"},{"offset":0,"length":27,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"f4arq","text":"write memory","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":12,"style":"ITALIC"},{"offset":0,"length":12,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"f3j8h","text":"Additional Configurations on ASAv1 (Optional)","type":"header-two","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"fjdei","text":"prompt hostname state priority (Changes he command prompt to show which device is Active and which is Standby)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":110,"style":"ITALIC"},{"offset":0,"length":110,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"2v5em","text":"policy-map global_policy","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":24,"style":"ITALIC"},{"offset":0,"length":24,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"7f5fg","text":"class inspection_default","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":24,"style":"ITALIC"},{"offset":0,"length":24,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"fhcmm","text":"inspect ICMP (This command and the above two commands will allow ICMP to be inspected in the global policy)","type":"blockquote","depth":0,"inlineStyleRanges":[{"offset":0,"length":107,"style":"ITALIC"},{"offset":0,"length":107,"style":"BOLD"}],"entityRanges":[],"data":{}},{"key":"56bgo","text":"Please watch the configuration video below for a better understanding.","type":"unstyled","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"63qas","text":"","type":"unstyled","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}},{"key":"332cm","text":" ","type":"atomic","depth":0,"inlineStyleRanges":[],"entityRanges":[{"offset":0,"length":1,"key":0}],"data":{}},{"key":"b7v62","text":"#ASAActiveStandbyFailover #CiscoASAFailover #asa #ASAvFailover #ASAFailover #asav","type":"unstyled","depth":0,"inlineStyleRanges":[],"entityRanges":[],"data":{}}],"entityMap":{"0":{"type":"wix-draft-plugin-html","mutability":"IMMUTABLE","data":{"src":"”,”srcType”:”html”,”config”:{“alignment”:”center”,”size”:”content”,”height”:360,”width”:640}}}}}” style=”white-space: pre-wrap;”>


ASAv1 Configurations

interface redundant 1
member-interface g0/0
member-interface g0/1
no shutdown#Interface G0/0
no shutdown#Interface G0/1
no shutdown

Configure failover settings on ASAv1

failover lan unit primary
failover lan interface redundant 1 (This is the interface used for the failover link)
failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)
failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2
failover key cisco (Key needs to match on both ASA’s)
failover (Enables failover)
write memory (Save your configuration)

Configure Basic Device Settings

interface g0/2
nameif OUTSIDE
ip address 172.16.235.2 255.255.255.0 standby 172.16.235.3
no shutdown#Interface g0/3
nameif INSIDE
ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2
no shutdown
route OUTSIDE 0.0.0.0 0.0.0.0 172.16.235.1

Configure ASAv2

interface redundant 1
member-interface g0/0
member-interface g0/1
no shutdown
interface G0/0
no shutdown
interface G0/1
no shutdown
failover lan interface redundant 1 (This is the interface used for the failover link)
failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)
failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2
failover key cisco (Key needs to match on both ASA’s)
failover (Enables failover)
write memory

Additional Configurations on ASAv1 (Optional)

prompt hostname state priority (Changes he command prompt to show which device is Active and which is Standby)
policy-map global_policy
class inspection_default
inspect ICMP (This command and the above two commands will allow ICMP to be inspected in the global policy)
Please watch the configuration video below for a better understanding.
 

 


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: