PASS HOT

How to configure Cisco ASA failover (FO)

Updated: May 29, 2019



Some environments require high reliability, and a single device is a single point of failure, so two or more units need to be used together. Routers, for example, can be grouped with protocols such as HSRP, VRRP and GLBP, and firewalls are no exception. The principle of failover (FO) is not covered here; if you are interested in it, you can look it up on the internet. The difficulty of ASA FO lies in the architecture; the configuration is actually quite easy. Under normal circumstances A/S (active/standby) mode is used, which is a master-slave mode. A/A (active/active) mode is also possible through virtual firewalls. FO has basic requirements: the hardware, software and licensing need to be exactly the same on both units. Cisco has a dedicated document on this; if they are not the same, an error results.

The A/S mode configuration follows.

The device is an ASA5510.

Primary ASA:

int Ethernet0/0

no sh

int Ethernet0/1

no sh

int e0/2

no sh

int e0/3

no sh

A# sh run | in failover

failover

failover lan unit primary

failover lan interface failover Ethernet0/2

failover polltime unit msec 500 holdtime 3

failover polltime interface 1 holdtime 5

failover key cisco

failover mac address Ethernet0/0 0018.1900.3000 0018.1900.3001

failover mac address Ethernet0/1 0018.1900.4000 0018.1900.4001

failover mac address Management0/0 0018.1900.6000 0018.1900.6001

failover link state Ethernet0/3

failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2

failover interface ip state 192.168.100.1 255.255.255.0 standby 192.168.100.2

Backup (secondary) ASA configuration:

int Ethernet0/0

no sh

int Ethernet0/1

no sh

exit

A# sh run | in failover

failover

failover lan unit secondary

failover lan interface failover Ethernet0/2

failover polltime unit msec 500 holdtime 3

failover polltime interface 1 holdtime 5

failover key cisco

failover mac address Ethernet0/0 0018.1900.3000 0018.1900.3001

failover mac address Ethernet0/1 0018.1900.4000 0018.1900.4001

failover mac address Management0/0 0018.1900.6000 0018.1900.6001

failover link state Ethernet0/3

failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2

failover interface ip state 192.168.100.1 255.255.255.0 standby 192.168.100.2

FA(config)#  sh fa

Failover On

 Failover unit Primary

      Version: Ours 9.1(5), Mate 9.1(5)

      Last Failover at: 00:54:51 UTC Jan 1 2003

        This host: Primary - Active

        Active time: 1387 (sec)

        slot 0: ASA5510 hw/sw rev (2.0/9.1(5)) status (Up Sys)

slot 1: empty

      Other host: Secondary - Standby Ready

        Active time: 4 (sec)

        slot 0: ASA5510 hw/sw rev (.0/9.1() status (Up Sys)

slot 1: empty

As can be seen from the above, the FO configuration is successful and a master-slave pair is formed.
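In the configuration above, the two units' failover lines differ only in the "failover lan unit" role. The following Python check is an added example, not part of the original post: it compares two saved dumps of those lines and reports mismatches, malformed addresses or masks, and a guessable failover key (the shared secret that protects traffic on the failover link). The sample dumps, the WEAK_KEYS deny-list and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: the primary unit's failover lines as shown on this page.
PRIMARY = """\
failover
failover lan unit primary
failover lan interface failover Ethernet0/2
failover key cisco
failover mac address Management0/0 0018.1900.6000 0018.1900.6001
failover link state Ethernet0/3
failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2
failover interface ip state 192.168.100.1 255.255.255.0 standby 192.168.100.2
"""
# Constructed secondary dump with a deliberate letter-O typo in one interface name.
SECONDARY = PRIMARY.replace("unit primary", "unit secondary").replace("Management0/0", "ManagementO/0")

WEAK_KEYS = {"cisco", "password", "failover"}  # assumed deny-list of guessable keys


def failover_lines(text):
    """Return the whitespace-normalized 'failover ...' lines of a config dump."""
    lines = (" ".join(raw.split()) for raw in text.splitlines())
    return {line for line in lines if line.startswith("failover")}


def audit(primary, secondary):
    """Compare both units' failover lines and return a list of findings."""
    findings = []
    p, s = failover_lines(primary), failover_lines(secondary)
    if "failover lan unit primary" not in p or "failover lan unit secondary" not in s:
        findings.append("unit roles must be primary on one unit, secondary on the other")
    shared_p = {l for l in p if not l.startswith("failover lan unit")}
    shared_s = {l for l in s if not l.startswith("failover lan unit")}
    for line in sorted(shared_p ^ shared_s):  # everything but the role must match
        findings.append("not identical on both units: " + line)
    for line in sorted(p):
        w = line.split()
        if w[:3] == ["failover", "interface", "ip"]:
            try:  # expected: failover interface ip <name> <ip> <mask> standby <ip>
                net = ipaddress.ip_network(f"{w[4]}/{w[5]}", strict=False)
                if ipaddress.ip_address(w[7]) not in net:
                    findings.append("standby address outside subnet: " + line)
            except (ValueError, IndexError):
                findings.append("malformed address or mask: " + line)
        # A masked key (*****) cannot be judged here and is not flagged.
        if w[:2] == ["failover", "key"] and w[2:3] and w[2].lower() in WEAK_KEYS:
            findings.append("guessable failover key")
    return findings
```

Calling audit(PRIMARY, SECONDARY) on the constructed sample returns three findings: the two mismatched Management interface lines and the guessable key.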

A CCIE must know the above content. If you still feel that the CCIE written exam and CCIE lab exam are difficult to pass, then join PASSHOT. We will help you pass the CCIE exam more easily.
