Firewall Wizards mailing list archives
Re: Active-Active Single-context Failover on an ASA 5550
From: "Post, Lenny" <Lenny.Post () devoncanada com>
Date: Mon, 19 Nov 2007 08:02:29 -0700
In order to sucessfully configure Active/Active failover on 2 ASAs requires that you run multiple contexts on each device. If you do not have multiple contexts the default is Active/Standby (which appears to be what you are seeing). Cisco has a nice write up of how to setup Active/Active on their website check out http://www.cisco.com/en/US/products/ps6120/products_configuration_exampl e09186a0080834058.shtml Lenny -----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Keith A. Glass Sent: Friday, November 16, 2007 8:42 AM To: firewall-wizards () listserv icsalabs com Subject: [fw-wiz] Active-Active Single-context Failover on an ASA 5550 I'm attempting to create an Active-Active failover configuration on a pair of ASA 5550s. Problem is, when I try clustering them up, I see the unconfigured secondary come up and take over the cluster, replacing the ruleset on the primary with the basic clustering setup config of the secondary Basic config is 10.x.y.z /28 as internal, 10.x.y.a/240 as external, with the State failovers on 192.168.10.10/.11 /24 and LAN Failovers as 192.168.20.10/.11 /24 Failovers are cabled with crossovers. and the int and ext addresses as on the switch. Any suggestions ???? Any idea what I'm doing wrong ?? Keith _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Active-Active Single-context Failover on an ASA 5550 Keith A. Glass (Nov 17)
- Re: Active-Active Single-context Failover on an ASA 5550 Post, Lenny (Nov 23)