Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Active/Standby Failover on ASA 5510

Posted on 2009-05-02
7
Medium Priority
?
1,158 Views
Last Modified: 2012-05-06
I am going to configure active/standby failover on two identical ASA 5510 Security Plus devices.

I am curious if I am supposed to configure both of them first, identically, and to then configure the failover mode or if I am supposed to configure the failover mode first.

Is there a good way of configuring all of the settings one one device and then transferring the config to the other device?

How does syncing work after everything is set up for failover mode? A year down the road, if I make a change to one device does it replicate to the other automatically?
0
Comment
Question by:Tercestisi
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
nettek0300 earned 1000 total points
ID: 24287347
I would personally configure the first firewall, verify that everything is correctly configured, then copy the configuration to the second firewall so that they are identical, (you will need to change the IP of the failover firewall after copying the config). Then configure the failover.
0
 

Author Comment

by:Tercestisi
ID: 24287489
Do the host names need to differ or should they be the same?
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 24287793
What host names are you referring to?  If it is the router interfaces, or host names of destination addresses, you will probably want them the same.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 

Author Comment

by:Tercestisi
ID: 24287802
I was referring to the hostname of the device, the ASA.
0
 
LVL 19

Assisted Solution

by:nodisco
nodisco earned 1000 total points
ID: 24288562
Hey

All you need to do is create the failover specifics on your standby device - once you have the Primary configured with your config, enabling failover on the ASAs syncs the config and failover setup between Pri and Sec.

In the future, making changes to the Pri are automatically saved on the Sec once you write mem on the Pri.  Heres a step by step on how to configure from scratch:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

cheers
0
 

Author Comment

by:Tercestisi
ID: 24288598
Excellent; thanks.

Still curious on the hostname: if I name the Primary ASA as ASA1 do I name the standby as ASA1 or something different or does it not matter?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24289096
it doesn't matter what you call the second one - once the failover has been sync'd it becomes the same name as the Primary anyway - think of it as a virtual firewall with just 1 name - that 2 physical boxes are sharing.
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question