Choose the synchronization interface

Connect to your first Cisco ASA device, that we will call Cisco ASA #1. Choose one of its free interfaces so that it can be used for synchronizing with the Cisco ASA #2 device.

For clarity, add a description to the interface (STATE Failover Interface). You should remove all other configuration from the interface, if any has been entered. Activate the interface with the "no shutdown" command.

Activate the failover mode on Cisco ASA #1

```
failover lan interface STATE GigabitEthernet0/3
failover interface ip STATE 10.0.0.1 255.255.255.252 standby 10.0.0.2
```

Primary – indicates that this is the primary device. Should not be confused with the device's current role – active or standby. A device may be currently in standby mode for passing traffic, but will be the primary device in the cluster.

10.0.0.1 and 10.0.0.2 – these are the IP addresses for the synchronization interfaces on both Cisco ASA. You can enter any address pair that you want, but make sure that they are from the same network and are unique to your LAN.

At this point of configuration, both Cisco ASA devices should NOT be connected to each other in any way. ONLY the device Cisco ASA #1 should be powered on. The second device should be set aside, waiting for its turn to be configured.
When configuring failover, the order in which you enter the configuration commands, as well as the order in which you connect two Cisco ASA devices together, is more important than the configuration itself.

Before you begin to connect and configure your Cisco ASA devices, make sure that the IOS versions on both ASA are identical and support the failover mode. Use the "sh ver" command for that:

```
FW-DELTACONFIG-1# sh ver
Cisco Adaptive Security Appliance Software Version 9.4(2)6
```

If you have different versions of IOS installed, upgrade it on one of the devices.
Before getting into the configuration details of Cisco ASA backup scheme (called failover), I would like to point out a few rules regarding the technology itself:

– Of the two Cisco ASA devices that have been combined into a cluster and configured to work in the failover mode, only one (!) device will be active and forward traffic.
– In order to create a Cisco ASA failover cluster, you need to have two devices of the exact same model, for example Cisco ASA 5515X
– both devices need to have the same IOS image installed, for example 9.4(2)6
– failover WILL NOT work if your Cisco ASA is configured to connect to the ISP through PPPoE protocol

There are exceptions to these rules, but I am deliberately not mentioning them in this article, so that the possible problems with the configuration can be brought to a minimum.
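The model, image and PPPoE rules from the list above can be checked before cabling the two units together by comparing saved `show version` and `show running-config` text. This is an added example, not part of the original article; the sample outputs are constructed, and the function names and the layout of the `Hardware:` line are assumptions.

```python
import re

# Constructed sample outputs; the "Hardware:" line layout is an assumption.
UNIT1_VER = """Cisco Adaptive Security Appliance Software Version 9.4(2)6
Hardware:   ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
"""
UNIT2_VER = """Cisco Adaptive Security Appliance Software Version 9.1(7)4
Hardware:   ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
"""
UNIT1_CFG = """interface GigabitEthernet0/0
 nameif outside
 ip address pppoe setroute
interface GigabitEthernet0/3
 description STATE Failover Interface
"""

VER_RE = re.compile(r"^Cisco Adaptive Security Appliance Software Version (\S+)", re.M)
HW_RE = re.compile(r"^Hardware:\s+([^,\s]+)", re.M)

def parse_version(show_version):
    """Return (software_version, hardware_model); None for a missing field."""
    ver = VER_RE.search(show_version)
    hw = HW_RE.search(show_version)
    return (ver.group(1) if ver else None, hw.group(1) if hw else None)

def pppoe_interfaces(running_config):
    """Return names of interfaces configured with 'ip address pppoe'."""
    found, current = [], None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif current and re.match(r"\s+ip address pppoe\b", line):
            found.append(current)
    return found

def failover_precheck(ver1, ver2, cfg1):
    """Return a list of violated rules; an empty list means the pair passes."""
    problems = []
    (sw1, hw1), (sw2, hw2) = parse_version(ver1), parse_version(ver2)
    if None in (sw1, hw1, sw2, hw2):
        problems.append("could not parse show version output")
    else:
        if hw1 != hw2:
            problems.append(f"model mismatch: {hw1} vs {hw2}")
        if sw1 != sw2:
            problems.append(f"image mismatch: {sw1} vs {sw2}")
    problems += [f"PPPoE on {name}" for name in pppoe_interfaces(cfg1)]
    return problems

print(failover_precheck(UNIT1_VER, UNIT2_VER, UNIT1_CFG))
```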