CHAPT ER
63-1
Cisco ASA 5500 Series Configuration Guide using the CLI
63
Configuring Active/Active Failover
This chapter describes how to configure Active/Active failover and includes the following sections:
Information About Active/Active Failover, page63-1
Licensing Requirements for Active/Active Failover, page63-6
Prerequisites for Active/Active Failover, page63-7
Guidelines and Limitations, page63-7
Configuring Active/Active Failover, page63-8
Remote Command Execution, page63-21
Monitoring Active/Active Failover, page63-25
Feature History for Active/Active Failover, page63-25

Information About Active/Active Failover

This section describes Active/Active failover. This section includes the following topics:
Active/Active Failover Overview, page63-1
Primary/Secondary Status and Active/Standby Status, page63-2
Device Initialization and Configuration Synchronization, page63-3
Command Replication, page63-3
Failover Triggers, page63-4
Failover Actions, page 63-5

Active/Active Failover Overview

Active/Active failover is only available to ASAs in multiple context mode. In an Active/Active failover
configuration, both ASAs can pass network traffic.
In Active/Active failover, you divide the security contexts on the ASA into failover groups. A failover
group is simply a logical group of one or more security contexts. You can create a maximum of two
failover groups. The admin context is always a member of failover group1. Any unassigned security
contexts are also members of failover group 1 by default.