
ASAA help

Discussion in 'Networking' started by aaron40, Mar 19, 2015.

Thread Status:
Not open for further replies.
  1. aaron40

    aaron40 Thread Starter

    Joined:
    Mar 19, 2015
    Messages:
    2
    Need assistance !!

    I have 2 ASAs connected to 4 switches, how does the config work for failover?

    sw sw
    asa asa
    sw sw

    thanks

    (config)# failover lan unit primary ( for active ASA )
    (config)# failover lan interface FAILOVER ( name for failover link ) GigabitEthernet0/2 ( interface that will connect to standby ASA )
    (config)# failover link FAILOVER GigabitEthernet0/2
    (config)# failover interface ip FAILOVER ( active firewall failover link interface ip address which requires separate subnet address ) standby ( ip address from same subnet of standby firewall interface opposite end of fail over link )
    (config)# failover

    **Configure Interface IP addresses on the Primary (Active) Firewall**

    (config)# interface GigabitEthernet0/1 ( interface that connects to the inside switch )
    (config-if)# nameif inside
    (config-if)# security-level 100
    (config-if)# ip address ( ip address from THSFSW01 subnet for the active firewall ) standby ( ip address from same switch for standby firewall )



    (config)# interface GigabitEthernet0/0 ( interface that connects to outside switch )
    (config-if)# nameif outside
    (config-if)# security-level 0
    (config-if)# ip address ( ip address from THSW01 for active firewall ) 255.255.255.0 standby ( ip address from same switch for standby firewall )


    (config)# interface GigabitEthernet0/1 ( interface that connects to the inside switch )
    (config-if)# nameif inside
    (config-if)# security-level 100
    (config-if)# ip address ( ip address from THSFSW02 subnet for the active firewall ) standby ( ip address from same switch for standby firewall )

    (config)# interface GigabitEthernet0/0 ( interface that connects to outside switch )
    (config-if)# nameif outside
    (config-if)# security-level 0
    (config-if)# ip address ( ip address from THSW02 for active firewall ) 255.255.255.0 standby ( ip address from same switch for standby firewall )

    (config)# monitor-interface inside
    (config)# monitor-interface outside


    Configure the LAN Failover Link on the Secondary (Standby) Firewall

    (config)# interface GigabitEthernet0/2 ( interface that connects to active firewall )
    (config-if)# no shut
    (config)# failover lan unit secondary
    (config)# failover lan interface FAILOVER GigabitEthernet0/2 ( interface that connects to active firewall )
    (config)# failover link FAILOVER GigabitEthernet0/2
    (config)# failover interface ip FAILOVER ( ip address of interface fail over link from active firewall ) standby ( ip address of failover link interface from standby firewall )
    (config)# failover




    Reboot the Secondary (Standby) Firewall
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,271
    Are you using the ASDM to configure the ASAs? If not, you should. The ASDM GUI makes it simple to set up an HA pair. You have to use one of the interfaces on the ASA and you have to assign an IP address which is only used for the HA communication. Many people directly connect the ASAs together to eliminate an extra failure point in having the HA link between the ASAs fail.
     
  3. aaron40

    aaron40 Thread Starter

    Joined:
    Mar 19, 2015
    Messages:
    2
    Hi
    How do I get ASDM and is it easier than the conventional way of configuring with CLI?
     
  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,271
    You should already have it on your ASA. There's no additional cost/licensing for it.

    The ASDM is a separate file from the main firewall firmware software. If you do a dir of the flash, you should see the firmware file(s) as asa[version].bin and then a file for the ASDM as asdm-[version].bin. From the factory, the ASDM and the firmware should be matched up to work with each other. If you upgrade the firmware, you need to make sure the ASDM file you have on the ASA is compatible or if it requires upgrading.

    You then need to make sure in the config the path is identified and called out for the ASDM file in flash memory. Next you need to enable the http server (it's ok as communication to the ASA is over SSL). And finally, you have to configure the allowed IP addresses or subnet to access the ASA via the ASDM. Unfortunately, I don't recall the exact commands at the moment.
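
The three steps described in the reply above, written out as ASA CLI. This is an added example, not part of the original post. The management subnet 192.0.2.0/24, the account name and the password are constructed placeholders, `asdm-[version].bin` stands for whatever file `dir` shows in flash, and `inside` is the interface name used in the first post.

```cisco
! Added example; addresses, user name and file name are placeholders.

! 1. Find the ASDM image in flash and point the configuration at it.
dir disk0:
configure terminal
asdm image disk0:/asdm-[version].bin

! 2. Enable the HTTPS server that ASDM connects to.
http server enable

! 3. Allow ASDM only from the management subnet (constructed: 192.0.2.0/24)
!    arriving on the inside interface. Nothing is allowed from outside.
http 192.0.2.0 255.255.255.0 inside

! ASDM logins are checked against a local privilege-15 account here.
username asdm-admin password <strong-password> privilege 15
aaa authentication http console LOCAL
end

! Verify the image path and the list of permitted sources, then save.
show asdm image
show running-config http
write memory
```

Keeping the `http` permit list to a management subnet on an internal interface limits who can reach the ASDM login page at all.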
     

Short URL to this thread: https://techguy.org/1145043
