Maintaining appropriate redundancy mechanisms within infrastructure devices is extremely important for any organization. The Cisco ASA supports active-active and active-standby failover.

NOTE When the active unit fails, it changes to the standby state while the standby unit changes to the active state. The unit that becomes active takes ownership of the IP addresses and MAC addresses of the failed unit. The unit that is now in standby state takes over the standby IP addresses and MAC addresses. Because network devices see no change in the MAC-to-IP address pairing, no ARP entries change or time out anywhere on the network.

When a pair of Cisco ASAs is configured in active-active failover mode, both appliances are actively passing traffic at the same time. In contrast, when configured in active-standby mode, the primary appliance is the active one and the secondary appliance is in standby and does not pass traffic. After the primary fails, the secondary takes over and begins to pass traffic.

The network security team of Company-B evaluates both options. They decide to implement active-standby failover because, for active-active to work, the appliances must be configured in multicontext mode. Active-active requires a minimum of two security contexts on each appliance. Company-B has a site-to-site VPN tunnel to a business partner (Partner-A). The Cisco ASA does not support VPN when configured in multicontext mode.

The following are the steps taken to configure active-standby failover on the Cisco ASAs.

Step 1 Log in to the Cisco ASA using ASDM.

Step 2 On the main toolbar, click Wizards and choose High Availability and Scalability Wizard, as illustrated in Figure 12-52.

Figure 12-52 Launching the High Availability and Scalability Wizard

Step 3 The screen shown in Figure 12-53 is displayed. Click Configure Active/Standby failover.

Figure 12-53 Configuring Active/Standby Failover

Step 5 Enter the IP address of the secondary appliance, as shown in Figure 12-54. The IP address of the secondary appliance management interface is 10.200.30.2 in this case. ASDM completes several compatibility and connectivity checks on the secondary appliance. These steps are listed within the ASDM screen shown in Figure 12-54. If successful, ASDM allows you to proceed to the next step. However, if issues exist, ASDM marks each check that failed. You must fix any errors before proceeding further.

Figure 12-54 Failover Peer Connectivity and Compatibility Check

Step 7 The screen shown in Figure 12-55 is displayed. This screen allows you to configure a dedicated interface for failover communication between the two appliances. Choose an available interface from the drop-down menu. In this case, the interface selected is GigabitEthernet0/3.

Step 8 Enter a name for the failover interface. In this example, the interface is called failover for simplicity. This is an arbitrary name.

Figure 12-55 Configuring the Failover LAN Link

Step 9 Assign an IP address for this interface, in addition to a standby IP address, as shown in Figure 12-55. In this example, the active IP address is 10.200.40.1, and the secondary is 10.200.40.2.

Step 10 Configure a subnet mask for this interface. A 30-bit (255.255.255.252) subnet mask is configured in this example.