Firewall Wizards mailing list archives

Re: Active-Active Single-context Failover on an ASA 5550

From: "Post, Lenny" <Lenny.Post () devoncanada com>
Date: Mon, 19 Nov 2007 08:02:29 -0700

In order to sucessfully configure Active/Active failover on 2 ASAs
requires that you run multiple contexts on each device.  If you do not
have multiple contexts the default is Active/Standby (which appears to
be what you are seeing).

Cisco has a nice write up of how to setup Active/Active on their website
check out
http://www.cisco.com/en/US/products/ps6120/products_configuration_exampl
e09186a0080834058.shtml

Lenny

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Keith A. Glass
Sent: Friday, November 16, 2007 8:42 AM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Active-Active Single-context Failover on an ASA 5550

I'm attempting to create an Active-Active failover configuration on a
pair of ASA 5550s.

Problem is, when I try clustering them up, I see the unconfigured
secondary come up and take over the cluster, replacing the ruleset on
the primary with the basic clustering setup config of the secondary

Basic config is 10.x.y.z /28 as internal, 10.x.y.a/240 as external, with
the State failovers on 192.168.10.10/.11 /24 and LAN Failovers as
192.168.20.10/.11 /24

Failovers are cabled with crossovers. and the int and ext addresses as
on the switch.

Any suggestions ????  Any idea what I'm doing wrong ??

Keith


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), 
are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard 
copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly 
prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete 
this message and any attachments from your system. 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Active-Active Single-context Failover on an ASA 5550 Keith A. Glass (Nov 17)
- Re: Active-Active Single-context Failover on an ASA 5550 Post, Lenny (Nov 23)