60-11
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 60 Configuring Active/Active Failover
Configuring Active/Active Failover
Only unconfigured interfaces or subinterfaces that have not been assigned to a context are
displayed in this list and can be selected as the LAN Failover interface. Once you specify an
interface as the LAN Failover interface, you cannot edit that interface in the Configuration >
Interfaces pane or assign that interface to a context.
–
Active IP—Specifies the IP address for the failover interface on the active unit. The IP address
can be an IPv4 or an IPv6 address.
–
Subnet Mask/Prefix Length—Depending upon the type of address specified for the Active IP,
enter a subnet mask (IPv4 addresses) or a prefix length (IPv6 address) for the failover interface
on the primary and secondary unit.
–
Logical Name—Specifies the logical name of the interface used for failover communication.
–
Standby IP—Specifies the IP address used by the secondary unit to communicate with the
primary unit. The IP address can be an IPv4 or an IPv6 address.
–
Preferred Role—Specifies whether the preferred role for this adaptive security appliance is as
the primary or secondary unit in a LAN failover.
• State Failover—Contains the fields for configuring Stateful Failover.
–
Interface—Specifies the interface used for failover communication. You can choose an
unconfigured interface or subinterfaces or the LAN Failover interface.
If you choose the LAN Failover interface, the interface needs enough capacity to handle both
the LAN Failover and Stateful Failover traffic. Also, you do not need to specify the Active IP,
Subnet Mask, Logical Name, and Standby IP values; the values specified for the LAN Failover
interface are used.
Note We recommend that you use two separate, dedicated interfaces for the LAN Failover
interface and the Stateful Failover interface.
–
Active IP—Specifies the IP address for the Stateful Failover interface on the primary unit. This
field is dimmed if the LAN Failover interface or Use Named option is chosen from the Interface
drop-down list.
–
Subnet Mask/Prefix Length—Specifies the mask (IPv4 address) or prefix (IPv6 address) for the
Stateful Failover interfaces on the primary and secondary units. This field is dimmed if the LAN
Failover interface or Use Named option is selected in the Interface drop-down list.
–
Logical Name—Specifies the logical interface used for failover communication. If you chose
the Use Named option in the Interface drop-down list, this field displays a list of named
interfaces. This field is dimmed if the LAN Failover interface is chosen from the Interface
drop-down list.
–
Standby IP—Specifies the IP address used by the secondary unit to communicate with the
primary unit. This field is dimmed if the LAN Failover interface or Use Named option is chosen
from the Interface drop-down list.
–
Enable HTTP replication—Checking this check box enables Stateful Failover to copy active
HTTP sessions to the standby firewall. If you do not allow HTTP replication, then HTTP
connections are disconnected at failover. Disabling HTTP replication reduces the amount of
traffic on the state link.
To Next Page
Loading...
Need help?
General
