Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Change a Device to Multiple Mode, Security Context Configuration, Failover Link Configuration

7-7

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter7 Using the High Availability and Scalability Wizard

Configuring Failover with the High Availability and Scalability Wizard

Change a Device to Multiple Mode

The Change Device to Multiple Mode dialog box appears only for an Active/Active failover

configuration. Active/Active failover requires that the ASA be in multiple context mode. This dialog box

lets you convert a ASA in single context mode to multiple context mode.

When you convert from single context mode to multiple context mode, the ASA creates the system

configuration and the admin context from the current running configuration. The admin context

configuration is stored in the admin.cfg file. The conversion process does not save the previous startup

configuration, so if the startup configuration differed from the running configuration, those differences

are lost.

Converting the ASA from single context mode to multiple context mode causes the ASA and its peer to

reboot. However, the High Availability and Scalability Wizard restores connectivity with the newly

created admin context and reports the status in the Devices Status field in this dialog box.

Note You must convert both the current ASA and its peer to multiple context mode before you can proceed.

To change the current ASA to multiple context mode, perform the following steps:

Step1 Click Change device To Multiple Context, where device is the hostname of the ASA.

Step2 Repeat this step for the peer ASA.

The status of the ASA appears during conversion to multiple context mode.

Security Context Configuration

The Security Context Configuration screen appears only for an Active/Active configuration, and lets you

assign security contexts to failover groups. It displays the name of currently configured security

contexts, lets you add new ones, and change or remove existing ones as needed. In addition, it displays

the failover group number to which the context is assigned and lets you change the failover group as

needed. Although you can create security contexts in this screen, you cannot assign interfaces to those

contexts or configure other properties for them. To configure context properties and assign interfaces to

a context, choose System> Security Contexts.

Failover Link Configuration

The Failover Link Configuration screen appears only if you are configuring LAN-based failover.

To configure LAN-based failover, perform the following steps:

Step1 Choose the LAN interface to use for failover communication from the drop-down list.

Step2 Enter a name for the interface.

Step3 Enter the IP address used for the failover link on the unit that has failover group 1 in the active state.

This field accepts an IPv4 or IPv6 address.

Step4 Enter the IP address used for the failover link on the unit that has failover group 1 in the standby state.

This field accepts an IPv4 or IPv6 address.

Cisco Systems Change a Device to Multiple Mode, Security Context Configuration, Failover Link Configuration