Configure Failover for ASA 5520 GNS3


The above is a topology in GNS3 that is short and sweet. Two ASA's running 8.4 code and enabling failover.  I will post the configuration I did for failover of ASA's just to test it out.



Links: 

E1 - Outside Interface |  172.16.1.1 /24  |   
E3 -  Failover Interface |  Primary 10.1.1.1 /24 |
E3 - Failover Interface | Secondary 10.1.1.2 /24 |
E2 - Outside Interface | 172.16.1.2 /24 | 


Primary ASA Config:

interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 172.16.1.1 255.255.255.0

interface GigabitEthernet3
 description LAN/STATE Failover Interface

FAIL OVER CONFIG
-----------------------------------------------

failover
failover lan unit primary 
failover lan interface failover GigabitEthernet3
failover link failover GigabitEthernet3
failover interface ip failover 10.1.1.1 255.255.255.0 standby 10.1.1.2

Secondary ASA Config:


interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 172.16.1.2 255.255.255.0

interface GigabitEthernet3
 description LAN/STATE Failover Interface

FAIL OVER CONFIG
-----------------------------------------------


failover
failover lan unit secondary
failover lan interface failover GigabitEthernet3
failover link failover GigabitEthernet3
failover interface ip failover 10.1.1.1 255.255.255.0 standby 10.1.1.2




Test it:

Log into the Secondary ASA and issue the following command:

failover active   - this will failover the unit so the secondary becomes the "primary"

After failing over issue the following command:

show failover state:  - below is the failover state and what is should look like in terms of  the Secondary being the "ACTIVE" host. In my example below my primary ASA is actually off so their is a Comm Failure over that link.

secondary# sh failover state

               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Active         None
Other host -   Primary
               Failed         Comm Failure             17:55:57 UTC May 30 2013

====Configuration State===
====Communication State===

secondary#





show failover history - this command will allow us to see the reasoning and time stamps of failover. Below we can see the reasoning was No Active Unit was found ( I turned off the primary).


secondary# sh failover history
==========================================================================
From State                 To State                   Reason
==========================================================================
17:54:43 UTC May 30 2013
Not Detected               Negotiation                No Error

17:55:39 UTC May 30 2013
Negotiation                Just Active                No Active unit found

17:55:39 UTC May 30 2013
Just Active                Active Drain               No Active unit found

17:55:39 UTC May 30 2013
Active Drain               Active Applying Config     No Active unit found

17:55:39 UTC May 30 2013
Active Applying Config     Active Config Applied      No Active unit found

17:55:39 UTC May 30 2013
Active Config Applied      Active                     No Active unit found

==========================================================================
secondary#


Comments

Post a Comment

Popular posts from this blog

HULC LED PROCESS - 3750 High CPU

Image
If you're looking at a switch and you see the HULC LED Process running high. The HULC LED process does some of the following tasks: 1. Check link status on every port 2. If the switch supports POE, it checks to see if there is a power device 3. Transceiver checks 4. Fan status updates 5. Set LED ports 6. Check on temperature status Overall the HULC LED Process is a monitoring process running. During looking into this I turned off all non-used ports since it checks the link status. Then I made sure the environment was good. Two Cisco Bugs: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi78581 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn42790
Read more

%PLATFORM_UCAST-4-PREFIX: --------- TCAM 3750 Switch

Image
 %PLATFORM_UCAST-4-PREFIX:  One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded So what is TCAM ? Ternary Content Addressable Memory is used in multi-layer switching also know as Layer 3 switching. The switches forward the packets and frames at the speed of the line by using ASIC hardware. Normally switches make there forwarding decisions based on Layer 2. TCAM is used for Layer 3 components and other features such as QOS and ACES ( Access List ).  Check TCAM and usage of templates being used in the device.  show sdm prefer ? ! This will show us the templates that can be used in the device to give more resources to one feature or the other. For example the default is the equal resource distribution while the routing gives more resources to Layer 3 routing. show sdm prefer ! The command without the "?" will show us what we are currently r
Read more