60-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 60 Configuring Active/Active Failover
Configuring Active/Active Failover
Failover > Criteria Tab
Use this tab to define criteria for failover, such as how many interfaces must fail and how long to wait
between polls. The hold time specifies the interval to wait without receiving a response to a poll before
unit failover.
Note If you are configuring Active/Active failover, you do not use this tab to define the interface policy;
instead, you define the interface policy for each failover group using the Failover > Active/Active Tab.
With Active/Active failover, the interface policy settings defined for each failover group override the
settings on this tab. If you disable Active/Active failover, then the settings on this tab are used.
Fields
• Interface Policy—Contains the fields for defining the policy for failover when monitoring detects
an interface failure.
–
Number of failed interfaces that triggers failover—When the number of failed monitored
interfaces exceeds the value you set with this command, then the adaptive security appliance
fails over. The range is between 1 and 250 failures.
–
Percentage of failed interfaces that triggers failover—When the number of failed monitored
interfaces exceeds the percentage you set with this command, then the adaptive security
appliance fails over.
• Failover Poll Times—Contains the fields for defining how often hello messages are sent on the
failover link, and, optionally, how long to wait before testing the peer for failure if no hello messages
are received.
–
Unit Failover—The amount of time between hello messages among units. The range is between
1 and 15 seconds or between 200 and 999 milliseconds.
–
Unit Hold Time—Sets the time during which a unit must receive a hello message on the failover
link, or else the unit begins the testing process for peer failure. The range is between 1and 45
seconds or between 800 and 999 milliseconds. You cannot enter a value that is less than 3 times
the polltime.
–
Monitored Interfaces—The amount of time between polls among interfaces. The range is
between 1and 15 seconds or 500 to 999 milliseconds.
–
Interface Hold Time—Sets the time during which a data interface must receive a hello message
on the data interface, after which the peer is declared failed. Valid values are from 5 to 75
seconds.
Failover > Active/Active Tab
Use this tab to enable Active/Active failover on the adaptive security appliance by defining failover
groups. In an Active/Active failover configuration, both adaptive security appliances pass network
traffic. Active/Active failover is only available to adaptive security appliances in multiple mode.
A failover group is simply a logical group of security contexts. You can create two failover groups on
the adaptive security appliance. You must create the failover groups on the active unit in the failover pair.
The admin context is always a member of failover group 1. Any unassigned security contexts are also
members of failover group 1 by default.
To Next Page
Loading...
Need help?
General
