The failover feature on Cisco ASA ensures that the secondary Cisco ASA takes over the connections if the primary device fails to respond. The security Cisco ASA also supports Active/Active failover, in which both Cisco ASA are active and standby at the same time.
For this example, SecureMe is trying to set up two security Cisco ASA in failover mode. There are two security contexts configured: Cubs and Bears. The requirements for the Cisco ASA devices are as follows:
To achieve the preceding listed requirements, use the following steps:
Figure 19-27. Enabling Failover
Define failover groups.
Figure 19-28. Setting Failover Groups
Similarly, add another failover group to be in the Secondary role with the preempt option enabled.
Map failover groups to security contexts.
Figure 19-29. Mapping of Failover Group to Security Context
Example 19-9 shows the complete configuration of failover as generated by ASDM.
Example 19-9. Failover Configuration Generated by ASDM
failover group 1 primary polltime interface 15 interface-policy 1 failover group 2 secondary polltime interface 15 interface-policy 1 failover context Cubs join-failover-group 1 context Bears join-failover-group 2 failover active
If you navigate to Monitoring > Features > Failover > System under the System context, ASDM displays the output of show failover in the GUI. You can choose to make an Cisco ASA active or standby, reset failover, and reload the standby Cisco ASA, as shown in Figure 19-30.
Figure 19-30. Monitoring Failover
Part I: Product Overview
Introduction to Network Security
Part II: Firewall Solution
Initial Setup and System Maintenance
Network Access Control
Authentication, Authorization, and Accounting (AAA)
Failover and Redundancy
Quality of Service
Part III: Intrusion Prevention System (IPS) Solution
Intrusion Prevention System Integration
Configuring and Troubleshooting Cisco IPS Software via CLI
Part IV: Virtual Private Network (VPN) Solution
Site-to-Site IPSec VPNs
Remote Access VPN
Public Key Infrastructure (PKI)
Part V: Adaptive Security Device Manager
Introduction to ASDM
Firewall Management Using ASDM
IPS Management Using ASDM
VPN Management Using ASDM