Configure Failover for ASA 5520 GNS3


The above is a topology in GNS3 that is short and sweet. Two ASA's running 8.4 code and enabling failover.  I will post the configuration I did for failover of ASA's just to test it out.



Links: 

E1 - Outside Interface |  172.16.1.1 /24  |   
E3 -  Failover Interface |  Primary 10.1.1.1 /24 |
E3 - Failover Interface | Secondary 10.1.1.2 /24 |
E2 - Outside Interface | 172.16.1.2 /24 | 


Primary ASA Config:

interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 172.16.1.1 255.255.255.0

interface GigabitEthernet3
 description LAN/STATE Failover Interface

FAIL OVER CONFIG
-----------------------------------------------

failover
failover lan unit primary 
failover lan interface failover GigabitEthernet3
failover link failover GigabitEthernet3
failover interface ip failover 10.1.1.1 255.255.255.0 standby 10.1.1.2

Secondary ASA Config:


interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 172.16.1.2 255.255.255.0

interface GigabitEthernet3
 description LAN/STATE Failover Interface

FAIL OVER CONFIG
-----------------------------------------------


failover
failover lan unit secondary
failover lan interface failover GigabitEthernet3
failover link failover GigabitEthernet3
failover interface ip failover 10.1.1.1 255.255.255.0 standby 10.1.1.2




Test it:

Log into the Secondary ASA and issue the following command:

failover active   - this will failover the unit so the secondary becomes the "primary"

After failing over issue the following command:

show failover state:  - below is the failover state and what is should look like in terms of  the Secondary being the "ACTIVE" host. In my example below my primary ASA is actually off so their is a Comm Failure over that link.

secondary# sh failover state

               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Active         None
Other host -   Primary
               Failed         Comm Failure             17:55:57 UTC May 30 2013

====Configuration State===
====Communication State===

secondary#





show failover history - this command will allow us to see the reasoning and time stamps of failover. Below we can see the reasoning was No Active Unit was found ( I turned off the primary).


secondary# sh failover history
==========================================================================
From State                 To State                   Reason
==========================================================================
17:54:43 UTC May 30 2013
Not Detected               Negotiation                No Error

17:55:39 UTC May 30 2013
Negotiation                Just Active                No Active unit found

17:55:39 UTC May 30 2013
Just Active                Active Drain               No Active unit found

17:55:39 UTC May 30 2013
Active Drain               Active Applying Config     No Active unit found

17:55:39 UTC May 30 2013
Active Applying Config     Active Config Applied      No Active unit found

17:55:39 UTC May 30 2013
Active Config Applied      Active                     No Active unit found

==========================================================================
secondary#


Comments

Post a Comment

Popular posts from this blog

HULC LED PROCESS - 3750 High CPU

Image
If you're looking at a switch and you see the HULC LED Process running high. The HULC LED process does some of the following tasks: 1. Check link status on every port 2. If the switch supports POE, it checks to see if there is a power device 3. Transceiver checks 4. Fan status updates 5. Set LED ports 6. Check on temperature status Overall the HULC LED Process is a monitoring process running. During looking into this I turned off all non-used ports since it checks the link status. Then I made sure the environment was good. Two Cisco Bugs: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi78581 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn42790
Read more

Cisco Tomcat High CPU Utilization 99 percent

Image
So a client was experience slow web interface usage to their calling node. As well RTMT was shooting off the alert. The alert is for Call Process CPU Node Pegging.  The culprit tomcat! Cisco Tomcat Service -  In enterprise edition this is a web server service. In the business edition (BE Servers) this uses the web server and unity utilizes the service as well. Log in to each call manager node and issue the following command: show process load cpu **OUTPUT** top - 08:55:48 up 340 days, 4:03, 1 user, load average: 4.64, 3.25, 2.98  Tasks: 142 total, 2 running, 140 sleeping, 0 stopped, 0 zombie  Cpu(s): 16.3%us, 3.4%sy, 0.0%ni, 80.1%id, 0.1%wa, 0.0%hi, 0.2%si, 0.0%st  Mem: 4016964k total, 3856400k used, 160564k free, 29904k buffers  Swap: 2064280k total, 1664k used, 2062616k free, 598124k cached  PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND  8065 tomcat 25 0 2317m 1.9g 22m S 99.4 50.4 358084:37 tomcat  1 root 15 ...
Read more