Register

Forgot Password

Site FAQ

Home > IT Answers > Security > How to setup 2 ASA 5520 as failover

Papadockjj

25 pts.

How to setup 2 ASA 5520 as failover

Adaptive Security Appliances, Cisco ASA 5520, Cisco ASA 5520 Configuration, DMZ, LAN Security

My Objectives: 1. INSIDE can access OFFICE (mail, application, dns) and INTERNET 2. DMZ can communicate with OFFICE and INTERNET 3. INSIDE and DMZ can access each other 4. OFFICE can access DMZ especially http 5. OFFICE can access INSIDE's web . thank you ,

Software/Hardware used:
Cisco ASA 5520

ASKED: May 17, 2010 1:33 AM

UPDATED: May 18, 2010 10:10 AM

RELATED QUESTIONS

Answer Wiki:

In order to setup your ASAs to failover over you need to determine which one you want as the primary unit and secondary unit. On the primary you need to setup failover using the code: failover failover lan unit primary failover lan interface Failover GigabitEthernet0/3 (You can chance the GE0/ whatever you want. Both units need to use the same failover port and have a crossover cable between them.) failover link Failover GigabitEthernet0/3 (Keep the same as the above port) failover interface ip Failover 192.168.254.1 255.255.255.252 standby 192.168.254.2 (Create a small network so the two boxes can talk. This will replicate the config from the primary to the secondary.) Then to determine what interfaces goes down to failover use this command: monitor-interface ### Include all interfaces/vlans you want to monitor and if one fails it will failover to the secondary unit. Once you have the failover setup, all the changes you add to your primary ASA will also be added to your secondary. Thanks, Ryan Gunther www.onlinetech.com

Then to determine what interfaces goes down to failover use this command:
monitor-interface ###
Include all interfaces/vlans you want to monitor and if one fails it will failover to the secondary unit.

Once you have the failover setup, all the changes you add to your primary ASA will also be added to your secondary.

Thanks,
Ryan Gunther
www.onlinetech.com

Last Wiki Answer Submitted: May 17, 2010 1:46 pm by RGunther

650 pts.

All Answer Wiki Contributors: RGunther

650 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: May 17, 2010 3:34 PM (GMT)

I forgot to add that you need the 5 failover commands added into the secondary ASA as well. Just need to change failover lan unit primary to failover lan unit secondary.

RGunther

650 pts.

POSTED: May 18, 2010 2:34 AM (GMT)

thank you for that , but can you please help me with the other
1. INSIDE can access OFFICE (mail, application, dns) and INTERNET
2. DMZ can communicate with OFFICE and INTERNET
3. INSIDE and DMZ can access each other
4. OFFICE can access DMZ especially http
5. OFFICE can access INSIDE’s web .

Papadockjj

25 pts.

POSTED: May 18, 2010 9:04 AM (GMT)

Is this a homework project? If so then asking for guidance here is fine but you are only cheating yourself getting someone to do it for you.

Matt Mather

3,610 pts.

POSTED: May 18, 2010 10:10 AM (GMT)

No my friend this is all work for me ,I am new to the ASA 5520 ,so all I need is some help I put in a lot of hrs on this thank you .

Papadockjj

25 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags