Configuring and Cabling of Stateful Active/Standby Failover on a Cisco ASA 5510 Firewall

From NesevoWiki
Jump to navigationJump to search

These steps were tested under IOS 8.2(2).

Prerequisites

  • You need two identical Cisco ASA 5510 appliances
  • Both appliances must be running the identical IOS version
  • You need at least IOS version 7.0. If you want to use IPv6, you need at least IOS version 8.2(2).
  • You need an ASA 5510 Security Plus license on both appliances.
  • Both appliances must be in the same mode (single|multiple|transparent|routed). This tutorial uses routed mode. (You can tell the mode your appliance is running under issuing the show firewall command in enable mode.)

Assumptions

In this tutorial we assume tho following target configuration:

  • One interface (Ethernet0/0) named outside which will be attached to the internet in your target environment
  • One interface (Ethernet0/1) named inside which will be attached to the internal LAN in your target environment
  • One interface (Ethernet0/2) named tmp which will temporarily attached to your LAN in the test environment (for setup and testing purposes)
  • One interface (Ethernet0/3) named failoverlink which will serve as the interface for failover and stateful failover
  • The hosts in your LAN are configured to use a default gateway with the IP address of 10.0.0.1

Configuration steps

Retrieved from "http://wiki.nesevo.com/index.php?title=Configuring_and_Cabling_of_Stateful_Active/Standby_Failover_on_a_Cisco_ASA_5510_Firewall&oldid=2341"