top of page
Esta página web se diseñó con la plataforma
.com
. Crea tu página web hoy.Comienza ya

ASA Active/Standby Failover Configuration Example using GNS3

Date: 11-9-2015

Table Of Contents

Topology

 

In this example: gi1(ASA3) – gi1(ASA2) = failover link = stateful failover link

NOTE Information about how to configure ASA and ASDM on GNS3 can be found on the Internet.

 

Configuring ASA3 using ASDM

 

From the ASDM main application window, access the High Availability and Scalability Wizard by choosing one of the following:

• Wizards > High Availability and Scalability Wizard .

• Configuration > Device Management > High Availability > HA/Scalability Wizard, and then click Launch High Availability and Scalability Wizard.

 

To move to the next screen of the wizard, click Next. You must complete the required fields of each screen before you may proceed to the next one.

 

The full procedure is as follows:

Anchor 3

After 192.168.1.20 was entered and Next was selected, ASDM performed several checks.

In the following picture only the Standby IP Addresses was entered.         

Select Next:

Click Finish:

Click Send:

As a requisite, ASA2 must be accesible by ASDM (see Step 2), so this wizard also allow you to configure the Secondary Unit:

Click Send:

Monitoring Failover on GNS3

 

Suposse ASA2 is initiated at first time, and later ASA3 is initiated. Wait several minutes till both unit are synchronized.

 

For ASA3:

Anchor 4

As you can see, the ASA3 configuration was erased (the hostname has changed from ASA3 to ASA2, the IP address has changed from 192.168.1.10 to 192.168.1.20; see the picture above). This is because ASA2 was initiated at first and, in this case, the secondary unit takes over the active role.

 

Configuration synchronization occurs when one or both devices in the failover pair boot. Configurations are always synchronized from the active unit to the standby unit. When the standby unit completes its initial startup, it clears its running configuration (except for the failover commands that are needed to communicate with the active unit), and the active unit sends its entire configuration to the standby unit.

 

Let’s see. For  ASA2:

Anchor 5

As you can see, the Secondary Unit has the active role.

 

Manual Failover

 

To force the secondary unit to the standby role: SW2# no failover active

OR, in SW3: failover active

 

NOTE: the only way to distinguish these units (primary or secondary) is by using show failover.

 

On ASA3, you’ll see:

So I have forced ASA3 to take over the active role.

 

NOTE: If I have time, the next article could be "Active/Active Failover on GNS3"

NOTE: Your e-mail will not be shown in the output. You can use an invalid e-mail, if you want.

Thank you for your co-operation in helping me to improve.

bottom of page