Difference between revisions of "Configuring and Cabling of Stateful Active/Standby Failover on a Cisco ASA 5510 Firewall"

These steps were tested under IOS 8.2(2).

Prerequisites

• You need two identical Cisco ASA 5510 appliances
• Both appliances must be running the identical IOS version
• You need at least IOS version 7.0. If you want to use IPv6, you need at least IOS version 8.2(2).
• You need an ASA 5510 Security Plus license on both appliances.
• Both appliances must be in the same mode (single|multiple|transparent|routed). This tutorial uses routed mode. (You can tell the mode your appliance is running under issuing the show firewall command in enable mode.)

Assumptions

In this tutorial we assume tho following target configuration:

• One interface (Ethernet0/0) named outside which will be attached to the internet in your target environment
• One interface (Ethernet0/1) named inside which will be attached to the internal LAN in your target environment
• One interface (Ethernet0/2) named tmp which will temporarily attached to your LAN in the test environment (for setup and testing purposes)
• One interface (Ethernet0/3) named failoverlink which will serve as the interface for failover and stateful failover

• The hosts in your LAN are configured to use a default gateway with the IP address of 10.0.0.1

Configuration steps

In a ASA 5510 failover configuration scenario one appliance is the primary one, the other one is the secondary one. You can read about the meaning of this in Cisco's official documentation.

Configuring the primary appliance

• Power up your primary appliance (i.e. the one that is to become the primary appliance). Leave the other one switched off.
• Connect to the primary appliance via console.
• Enter enable, then the conf t command to get to the config prompt. Depending on your configuration you may have to enter a password.

fw> enable
fw#
fw# conf t
fw(config)#