CCIE Security Notes: Configuring ASAv Active/Standby Failover

Changelog

  • Updated the article title
  • Removed broken image link

In this article, I will share the configurations used in the video below.

ASAv1 Configurations

#Interface redundant 1

#Member-interface g0/0

#Member-interface g0/1

#No shutdown

#Interface G0/0

#No shutdown

#Interface G0/1

#No shutdown

Configure failover settings on ASAv1

#Failover lan unit primary

#Failover lan interface redundant 1 (This is the interface used for the failover link)

#Failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)

#Failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2

#Failover key cisco (Key needs to match on both ASAs)

#Failover (Enables failover)

#Write memory (Save your configuration)

Configure Basic Device Settings

#Interface g0/2

#Nameif OUTSIDE

#Ip address 172.16.235.2 255.255.255.0 standby 172.16.235.3

#No shutdown

#Interface g0/3

#Nameif INSIDE

#Ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2

#No shutdown

#Route OUTSIDE 0.0.0.0 0.0.0.0 172.16.235.1

Configure ASAv2

#Interface redundant 1

#Member-interface g0/0

#Member-interface g0/1

#No shutdown

#Interface G0/0

#No shutdown

#Interface G0/1

#No shutdown

#Failover lan interface redundant 1 (This is the interface used for the failover link)

#Failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1)

#Failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2

#Failover key cisco (Key needs to match on both ASAs)

#Failover (Enables failover)

#Write memory

Additional Configurations on ASAv1 (Optional)

#Prompt hostname state priority (Changes the command prompt to show which device is Active and which is Standby)

#Policy-map global_policy

#Class inspection_default

#Inspect ICMP (This command and the above two commands will allow ICMP to be inspected in the global policy)
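
The failover settings above have to agree on both units, and the shared failover key is what protects the traffic on the failover link. The Python check below is an added example, not part of the original article or video: it parses command listings written in this article's "#Command (note)" layout and reports mismatches between the two units and a short or guessable key. The function names, the WEAK_KEYS list, the MIN_KEY_LEN threshold and the treatment of a unit with no "failover lan unit" line as secondary are assumptions.

```python
import re
# Constructed sample: this article's failover commands in its "#Command (note)" layout.
ASAV1 = """
#Failover lan unit primary
#Failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2
#Failover key cisco (Key needs to match on both ASAs)
#Failover (Enables failover)
"""
ASAV2 = ASAV1.replace("#Failover lan unit primary\n", "")  # ASAv2 has no unit line
WEAK_KEYS = {"cisco", "failover", "password", "admin"}  # assumption: local deny-list
MIN_KEY_LEN = 16  # assumption: local policy value, not a Cisco requirement

def parse(listing):
    """Parse one unit's listing. Assumption: no 'failover lan unit' line means secondary."""
    cfg = {"unit": "secondary", "enabled": False, "key": None, "link_ip": None}
    for raw in listing.splitlines():
        # Drop the leading '#' and any trailing "(note)" annotation.
        words = re.sub(r"\s*\(.*\)\s*$", "", raw.strip().lstrip("#")).split()
        low = [w.lower() for w in words]
        if low == ["failover"]:
            cfg["enabled"] = True
        elif low[:3] == ["failover", "lan", "unit"] and len(low) == 4:
            cfg["unit"] = low[3]
        elif low[:2] == ["failover", "key"] and len(words) == 3:
            cfg["key"] = words[2]  # keep the key exactly as typed
        elif low[:3] == ["failover", "interface", "ip"]:
            cfg["link_ip"] = tuple(low[3:])
    return cfg

def audit(a, b):
    """Compare two parsed units and return a list of findings."""
    findings = []
    if {a["unit"], b["unit"]} != {"primary", "secondary"}:
        findings.append("pair needs one primary and one secondary unit")
    if not (a["enabled"] and b["enabled"]):
        findings.append("failover is not enabled on both units")
    if a["link_ip"] != b["link_ip"]:
        findings.append("failover interface ip differs between units")
    if a["key"] != b["key"]:
        findings.append("failover key differs between units")
    for key in {a["key"], b["key"]}:
        if key is None:
            findings.append("no failover key set on a unit")
        elif key.lower() in WEAK_KEYS or len(key) < MIN_KEY_LEN:
            findings.append("failover key is short or guessable")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(ASAV1), parse(ASAV2))))
```

Run against the listings in this article, the only finding is the key check, because the two units agree on every other failover setting.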

Please watch the configuration video below for a better understanding.


Kelvin is a Cyber Security professional with years of experience working with organisations in different verticals, both large and small. He enjoys contributing to the Network Wizkid knowledge base and he also creates technical content. Kelvin enjoys learning new things and often does this by working on achieving new technical certifications. He holds many professional certifications and academically, he has achieved a Bachelor's and Master's degree in both Computer Networks and Cyber Security.