Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Failover

67-11

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter67 Configuring Active/Active Failover

Configuring Active/Active Failover

–

Active IP—Specifies the IP address for the failover interface on the active unit. The IP address

can be an IPv4 or an IPv6 address.

–

Subnet Mask/Prefix Length—Depending upon the type of address specified for the Active IP,

enter a subnet mask (IPv4 addresses) or a prefix length (IPv6 address) for the failover interface

on the primary and secondary unit.

–

Logical Name—Specifies the logical name of the interface used for failover communication.

–

Standby IP—Specifies the IP address used by the secondary unit to communicate with the

primary unit. The IP address can be an IPv4 or an IPv6 address.

–

Preferred Role—Specifies whether the preferred role for this ASA is as the primary or

secondary unit in a LAN failover.

•State Failover—Contains the fields for configuring Stateful Failover.

–

Interface—Specifies the interface used for failover communication. You can choose an

unconfigured interface or subinterfaces or the LAN Failover interface.

If you choose the LAN Failover interface, the interface needs enough capacity to handle both

the LAN Failover and Stateful Failover traffic. Also, you do not need to specify the Active IP,

Subnet Mask, Logical Name, and Standby IP values; the values specified for the LAN Failover

interface are used.

Note We recommend that you use two separate, dedicated interfaces for the LAN Failover

interface and the Stateful Failover interface.

–

Active IP—Specifies the IP address for the Stateful Failover interface on the primary unit. This

field is dimmed if the LAN Failover interface or Use Named option is chosen from the Interface

drop-down list.

–

Subnet Mask/Prefix Length—Specifies the mask (IPv4 address) or prefix (IPv6 address) for the

Stateful Failover interfaces on the primary and secondary units. This field is dimmed if the LAN

Failover interface or Use Named option is selected in the Interface drop-down list.

–

Logical Name—Specifies the logical interface used for failover communication. If you chose

the Use Named option in the Interface drop-down list, this field displays a list of named

interfaces. This field is dimmed if the LAN Failover interface is chosen from the Interface

drop-down list.

–

Standby IP—Specifies the IP address used by the secondary unit to communicate with the

primary unit. This field is dimmed if the LAN Failover interface or Use Named option is chosen

from the Interface drop-down list.

–

Enable HTTP replication—Checking this check box enables Stateful Failover to copy active

HTTP sessions to the standby firewall. If you do not allow HTTP replication, then HTTP

connections are disconnected at failover. Disabling HTTP replication reduces the amount of

traffic on the state link.

Failover > Criteria Tab

Use this tab to define criteria for failover, such as how many interfaces must fail and how long to wait

between polls. The hold time specifies the interval to wait without receiving a response to a poll before

unit failover.

Cisco Systems Failover > Criteria Tab

Models: ASA 5510 ASA 5512-X ASA 5515-X ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X ASA 5580 ASA 5585-X ASA 5505