Need assistance !!
I have 2 ASA connected to 4 switches , how does the config work for fail over ?
sw sw
asa asa
sw sw
thanks
(config)# failover lan unit primary ( for active ASA )
(config)# failover lan interface FAILOVER ( name for failover link ) GigabitEthernet0/2 ( interface that will connect to standby ASA )
(config)# failover link FAILOVER GigabitEthernet0/2
(config)# failover interface FAILOVER ( active firewall failover link interface ip address which requires sePERATE sunbnet address ) standby ( ip address from same subnet of standby firewall interface opposite end of fail over link )
(config)# failover
**Configure Interface IP addresses on the Primary (Active) Firewall**
(config)# interface GigabitEthernet0/1 ( interface that connects to the inside switch )
(config-if)# nameif inside
(config-if)# security-level 100
(config-if)# ip address ( ip address from THSFSW01 subnet for the active firewall ) standby ( ip address from same switch for standby firewall )
(config)# interface GigabitEthernet0/0 ( interface that connects to outside switch )
(config-if)# nameif outside
(config-if)# security-level 0
(config-if)# ip address ( ip address from THSW01 for active firewall ) 255.255.255.0 standby ( ip address from same switch for satnby firewall )
config)# interface GigabitEthernet0/1 ( interface that connects to the inside switch )
(config-if)# nameif inside
(config-if)# security-level 100
(config-if)# ip address ( ip address from THSFSW02 subnet for the active firewall ) standby ( ip address from same switch for standby firewall )
(config)# interface GigabitEthernet0/0 ( interface that connects to outside switch )
(config-if)# nameif outside
(config-if)# security-level 0
(config-if)# ip address ( ip address from THSW02 for active firewall ) 255.255.255.0 standby ( ip address from same switch for satnby firewall )
(config)# monitor-interface inside
(config)# monitor-interface outside
Configure the LAN Failover Link on the Secondary (Standby) Firewall
(config)# interface GigabitEthernet0/2 ( interfcae that connects to active firewall )
(config-if)# no shut
(config)# failover lan unit secondary
(config)# failover lan interface FAILOVER GigabitEthernet0/2 ( interfcae that connects to active firewall )
(config)# failover link FAILOVER GigabitEthernet0/2
(config)# failover interface ip FAILOVER ( ip address of interface fail over link from active firewall ) standby ( ip address of failover link interface from standy firewall )
(config)# failover
Reboot the Secondary (Standby) Firewall
I have 2 ASA connected to 4 switches , how does the config work for fail over ?
sw sw
asa asa
sw sw
thanks
(config)# failover lan unit primary ( for active ASA )
(config)# failover lan interface FAILOVER ( name for failover link ) GigabitEthernet0/2 ( interface that will connect to standby ASA )
(config)# failover link FAILOVER GigabitEthernet0/2
(config)# failover interface FAILOVER ( active firewall failover link interface ip address which requires sePERATE sunbnet address ) standby ( ip address from same subnet of standby firewall interface opposite end of fail over link )
(config)# failover
**Configure Interface IP addresses on the Primary (Active) Firewall**
(config)# interface GigabitEthernet0/1 ( interface that connects to the inside switch )
(config-if)# nameif inside
(config-if)# security-level 100
(config-if)# ip address ( ip address from THSFSW01 subnet for the active firewall ) standby ( ip address from same switch for standby firewall )
(config)# interface GigabitEthernet0/0 ( interface that connects to outside switch )
(config-if)# nameif outside
(config-if)# security-level 0
(config-if)# ip address ( ip address from THSW01 for active firewall ) 255.255.255.0 standby ( ip address from same switch for satnby firewall )
config)# interface GigabitEthernet0/1 ( interface that connects to the inside switch )
(config-if)# nameif inside
(config-if)# security-level 100
(config-if)# ip address ( ip address from THSFSW02 subnet for the active firewall ) standby ( ip address from same switch for standby firewall )
(config)# interface GigabitEthernet0/0 ( interface that connects to outside switch )
(config-if)# nameif outside
(config-if)# security-level 0
(config-if)# ip address ( ip address from THSW02 for active firewall ) 255.255.255.0 standby ( ip address from same switch for satnby firewall )
(config)# monitor-interface inside
(config)# monitor-interface outside
Configure the LAN Failover Link on the Secondary (Standby) Firewall
(config)# interface GigabitEthernet0/2 ( interfcae that connects to active firewall )
(config-if)# no shut
(config)# failover lan unit secondary
(config)# failover lan interface FAILOVER GigabitEthernet0/2 ( interfcae that connects to active firewall )
(config)# failover link FAILOVER GigabitEthernet0/2
(config)# failover interface ip FAILOVER ( ip address of interface fail over link from active firewall ) standby ( ip address of failover link interface from standy firewall )
(config)# failover
Reboot the Secondary (Standby) Firewall