60-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 60 Configuring Active/Active Failover
Configuring Active/Active Failover
create failover groups in the device manager. For both types of failover, you need to provide system-level
failover settings in the system context, and context-level failover settings in the individual security
contexts. For more information about configuring failover in general, see Chapter 57, “Information
About High Availability.”.
Seethe following topics for more information:
• Failover > Setup Tab
• Failover > Criteria Tab
• Failover > Active/Active Tab
• Failover > MAC Addresses Tab
Failover > Setup Tab
Use this tab to enable failover on a adaptive security appliance in multiple context mode. You also
designate the failover link and the state link, if using Stateful Failover, on this tab.
Note During a successful failover event on the adaptive security appliance, the interfaces are brought down,
roles are switched (IP addresses and MAC addresses are swapped), and the interfaces are brought up
again. However, the process is transparent to users. The adaptive security appliance does not send
link-down messages or system log messages to notify users that interfaces were taken down during
failover (or link-up messages for interfaces brought up by the failover process).
Fields
• Enable Failover—Checking this check box enables failover and lets you configure a standby
adaptive security appliance.
Note The speed and duplex settings for an interface cannot be changed when Failover is enabled. To
change these settings for the failover interface, you must configure them in the Configuration >
Interfaces pane before enabling failover.
• Use 32 hexadecimal character key—Check this check box to enter a hexadecimal value for the
encryption key in the Shared Key field. Uncheck this check box to enter an alphanumeric shared
secret in the Shared Key field.
• Shared Key—Specifies the failover shared secret or key for encrypted and authenticated
communications between failover pairs.
If you checked the Use 32 hexadecimal character key check box, then enter a hexadecimal
encryption key. The key must be 32 hexadecimal characters (0-9, a-f).
If you cleared the Use 32 hexadecimal character key check box, then enter an alphanumeric shared
secret. The shared secret can be from 1 to 63 characters. Valid character are any combination of
numbers, letters, or punctuation. The shared secret is used to generate the encryption key.
• LAN Failover—Contains the fields for configuring LAN Failover.
–
Interface—Specifies the interface used for failover communication. Failover requires a
dedicated interface, however, you can use the same interface for Stateful Failover.
To Next Page
Loading...
Need help?
General
