[c-nsp] Cisco ASA 5510 Failover- Active/StandBy (Fourpros it)

Christopher J. Wargaski wargo1 at gmail.com
Sun Sep 12 14:19:02 EDT 2010


Hello--

   Yes, you need the Security Plus license for failover / High
Availability. You can easily tell if the license you have on the ASA
supports failover. Run the "show ver" command and look for the
following:

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100
Inside Hosts                 : Unlimited
Failover                     : Active/Active
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   Cisco's ASA model comparison found at
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
shows that the 5505 is limited to a stateless active/standby failover
configuration. The 5510 can be stateful active/active or
active/standby. In order to configure active/active high availability
on the ASA you must configure contexts, which creates multiple logical
firewalls.

   Make sure that the exact same ASA firmware is installed, and the
exact same modules are installed.

   Configuring failover is fairly easy:

Primary ASA:

interface Ethernet0/1
 description Outside - Internet
 ip address 10.1.254.254 255.255.255.0 standby 10.1.254.252
 no shut

interface Ethernet0/0
 description Inside - Trusted LANs
 ip address 6.7.8.9 255.255.255.0 standby 6.7.8.10
 no shut

failover lan unit primary
failover lan interface failover e0/3
failover interface ip failover 10.1.253.254 255.255.255.252 standby 10.1.253.253

int e0/3
 description Failover link
 failover link failover e0/3
 no shut

! Enable failover on the primary unit (it must be enabled on both units)
failover


Failover ASA:

failover lan interface failover e0/3
failover interface ip failover 10.1.253.254 255.255.255.252 standby 10.1.253.253

int e0/3
 description Failover link
 failover link failover e0/3
 no shut

failover lan unit secondary
failover


Primary ASA:
wr me
wr standby







cjw



> Date: Sun, 12 Sep 2010 17:42:43 +0545
> From: Fourpros it <fourprosit at gmail.com>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco ASA 5510 Failover- Active/StandBy
>
> Dear experts,
> I have two Cisco ASA 5510, Model ASA5510-AIP10-K9 and ASA5510-CSC10-K9, now
> the scenario is to do failover Active/Standby stateful.
>
> On the Model Comparison Sheet of CISCO ASA5500 Series, mentioned that For
> Failover on ASA 5510 required a Security Plus licenses and On Cisco ASA
> Command Configuration Guide there mentioned Base licenses work required
> Security Plus license for ASA 5505 only.
> So in my case is it required to have Security Plus license or not???
>
> Another for failover, both device should be identical but I have two
> different model device- AIP and CSC. So for this if I remove the module AIP
> and CSC from the devices will it be working for failover on normal base
> firewall mode ASA. If there is any other method to fulfill this scenario then
> please suggest me. Please provide any such procedure that made my Cisco ASA
> 5510 be used on fail over mode. It will be great help from the experts like
> you.
>
> Thank You
>
> Regards,
> Fourprosit
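
An added example, not part of the original message and not Cisco tooling: a Python pre-flight check that parses saved "show version" text from both units, reads the Failover license line shown in the reply, and compares software version and hardware model. The sample outputs are constructed, the function names are hypothetical, and installed modules are not compared.

```python
import re

# Constructed "show version" excerpts, not captured from real devices.
PRIMARY = """\
Cisco Adaptive Security Appliance Software Version 8.2(1)
Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100
Inside Hosts                 : Unlimited
Failover                     : Active/Active
"""
SECONDARY = PRIMARY.replace("8.2(1)", "8.0(4)").replace("Active/Active", "Disabled")

def parse_show_version(text):
    """Return software version, hardware model and the licensed-features table."""
    info = {"version": None, "model": None, "features": {}}
    in_features = False
    for line in text.splitlines():
        m = re.match(r"Cisco Adaptive Security Appliance Software Version (\S+)", line)
        if m:
            info["version"] = m.group(1)
        m = re.match(r"Hardware:\s+([^,\s]+)", line)
        if m:
            info["model"] = m.group(1)
        if line.startswith("Licensed features for this platform"):
            in_features = True
        elif not line.strip():
            in_features = False  # a blank line ends the features table
        elif in_features and ":" in line:
            key, value = line.split(":", 1)
            info["features"][key.strip()] = value.strip()
    return info

def failover_preflight(primary_text, secondary_text):
    """List reasons the pair is not ready for failover (empty list = ready)."""
    a, b = parse_show_version(primary_text), parse_show_version(secondary_text)
    problems = []
    for name, unit in (("primary", a), ("secondary", b)):
        if unit["features"].get("Failover", "Disabled") == "Disabled":
            problems.append(f"{name}: license does not permit failover")
    if a["version"] != b["version"]:
        problems.append(f"software mismatch: {a['version']} vs {b['version']}")
    if a["model"] != b["model"]:
        problems.append(f"hardware mismatch: {a['model']} vs {b['model']}")
    return problems

if __name__ == "__main__":
    print("\n".join(failover_preflight(PRIMARY, SECONDARY)) or "pair looks ready")
```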


