Documente Academic
Documente Profesional
Documente Cultură
Goal
Enable active/standby failover on single context ASA
Additional Info
Configuring related interfaces and failover configuration
Explanation
Interface Config
!
interface GigabitEthernet1/1
description *** To XPMDCCTPSW03 ***
nameif inside
security-level 100
ip address 172.29.156.46 255.255.255.240 standby 172.29.156.45
!
interface GigabitEthernet1/2
description *** To XPMDCCTPSW05 ***
nameif outside
security-level 0
ip address 172.29.156.65 255.255.255.240 standby 172.29.156.66
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
interface GigabitEthernet1/7
description STATE Failover Interface
interface GigabitEthernet1/8
description LAN Failover Interface
interface Management1/1
description *** MGT ***
management-only
nameif MGMT
security-level 75
ip address 10.1.4.119 255.255.255.128
Failover Config
! Enable failover
Failover
Notes:
• The polltime range is between 1 and 15 seconds or between 200 and 999 milliseconds.
• The holdtime range is between 1 and 45 seconds or between 800 and 999 milliseconds.
• If a unit does not hear hello packet on the failover communication interface for one polling
period, additional testing occurs through the remaining interfaces. If there is still no response
from the peer unit during the hold time, the unit is considered failed and, if the failed unit is
the active unit, the standby unit takes over as the active unit.
Notes:
To allow HTTP connections to be included in the state information replication, you need to enable
HTTP replication. Because HTTP connections are typically short-lived, and because HTTP clients
typically retry failed connection attempts, HTTP connections are not automatically included in the
replicated state information.
monitor-interface inside
monitor-interface outside
no monitor-interface MGMT
Used at
Referenced Used