How to setup 2 ASA 5520 as failover

Tags:
Adaptive Security Appliances
Cisco ASA 5520
Cisco ASA 5520 Configuration
DMZ
LAN Security
My objectives:
1. INSIDE can access OFFICE (mail, application, dns) and INTERNET
2. DMZ can communicate with OFFICE and INTERNET
3. INSIDE and DMZ can access each other
4. OFFICE can access DMZ, especially http
5. OFFICE can access INSIDE's web

Thank you.

Software/Hardware used:
Cisco ASA 5520
ASKED: May 17, 2010  1:33 AM
UPDATED: May 18, 2010  10:10 AM

Answer Wiki


In order to set up your ASAs to fail over, you need to determine which one you want as the primary unit and which as the secondary unit. On the primary you need to set up failover using the code:
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/3 (You can change the GE0/ to whatever you want. Both units need to use the same failover port and have a crossover cable between them.)
failover link Failover GigabitEthernet0/3 (Keep the same as the above port)
failover interface ip Failover 192.168.254.1 255.255.255.252 standby 192.168.254.2 (Create a small network so the two boxes can talk. This will replicate the config from the primary to the secondary.)

Then, to determine which interfaces trigger a failover when they go down, use this command:
monitor-interface ###
Include all interfaces/vlans you want to monitor, and if one fails it will fail over to the secondary unit.

Once you have the failover set up, all the changes you add to your primary ASA will also be added to your secondary.

Thanks,
Ryan Gunther
www.onlinetech.com

Discuss This Question: 4  Replies

  • RGunther
    I forgot to add that you need the 5 failover commands added into the secondary ASA as well. Just need to change failover lan unit primary to failover lan unit secondary.
  • Papadockjj
    Thank you for that, but can you please help me with the other: 1. INSIDE can access OFFICE (mail, application, dns) and INTERNET 2. DMZ can communicate with OFFICE and INTERNET 3. INSIDE and DMZ can access each other 4. OFFICE can access DMZ, especially http 5. OFFICE can access INSIDE's web.
  • Matt Mather
    Is this a homework project? If so then asking for guidance here is fine but you are only cheating yourself getting someone to do it for you.
  • Papadockjj
    No my friend, this is all work for me. I am new to the ASA 5520, so all I need is some help. I put in a lot of hrs on this. Thank you.
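
A consistency check for the failover pair described in the answer and in RGunther's follow-up comment, as an added example that is not part of the original thread: it confirms that both units carry the five failover commands and differ only in the unit role. The sample configurations are constructed from the commands quoted above, and the function names are hypothetical.

```python
# Constructed sample configs built from the commands in the answer; the
# secondary differs only in its unit role, as the follow-up comment says.
PRIMARY = """\
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/3
failover link Failover GigabitEthernet0/3
failover interface ip Failover 192.168.254.1 255.255.255.252 standby 192.168.254.2
"""
SECONDARY = PRIMARY.replace("lan unit primary", "lan unit secondary")


def parse_failover(config):
    """Collect the failover settings from one unit's configuration text."""
    s = {"enabled": False, "unit": None, "lan": None, "link": None, "ip": None}
    for line in config.splitlines():
        words = line.split()
        if words == ["failover"]:
            s["enabled"] = True
        elif words[:3] == ["failover", "lan", "unit"] and len(words) == 4:
            s["unit"] = words[3]
        elif words[:3] == ["failover", "lan", "interface"] and len(words) == 5:
            s["lan"] = tuple(words[3:])   # (interface name, physical port)
        elif words[:2] == ["failover", "link"] and len(words) == 4:
            s["link"] = tuple(words[2:])
        elif words[:3] == ["failover", "interface", "ip"]:
            s["ip"] = tuple(words[3:])    # name, active IP, mask, standby IP
    return s


def check_pair(primary_cfg, secondary_cfg):
    """Return a list of problems; an empty list means the pair is consistent."""
    p, s = parse_failover(primary_cfg), parse_failover(secondary_cfg)
    problems = []
    for name, unit in (("primary", p), ("secondary", s)):
        missing = [k for k, v in unit.items() if not v]
        if missing:
            problems.append(f"{name}: missing {', '.join(missing)}")
    if (p["unit"], s["unit"]) != ("primary", "secondary"):
        problems.append("unit roles must be primary on one ASA and secondary on the other")
    # Everything except the unit role has to be identical on both ASAs.
    for key in ("lan", "link", "ip"):
        if p[key] != s[key]:
            problems.append(f"'{key}' setting differs between the units")
    return problems


if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY) or "failover pair is consistent")
```
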
