I think I've covered this once already, but I thought since I just did this the other day again, I would post some outputs on it. I really like Cisco's HA feature. From my experience, its very reliable and I have never seen it let me down before. Here is a template on what I did on the secondary ASA to get it to get the primary ASA's config:
interface Management0/0
no shut
failover lan unit secondary
failover lan interface failover_state Management0/0
failover key mypasskey
failover link failover_state Management0/0
failover interface ip failover_state 192.168.1.1 255.255.255.0 standby 192.168.1.2
failover
Once I did this, I get the following on the secondary ASA:
ciscoasa(config)# .
Detected an Active mate
Beginning configuration replication from mate.
End configuration replication from mate.
This is what the primary ASA said before the secondary came up:
sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover_state Management0/0 (Failed - No Switchover)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 110 maximum
Version: Ours 8.2(5), Mate Unknown
Last Failover at: 12:56:25 UTC Mar 8 2013
This host: Primary - Active
Other host: Secondary - Failed
(shortened for brevity)
By the way, make sure the images are the same. I had to upgrade my primary image to match what came on the secondary unit.
ASA# sh fail
Failover On
Failover unit Secondary
Failover LAN Interface: failover_state Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 110 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 14:44:56 UTC Mar 8 2013
This host: Secondary - Standby Ready
Other host: Primary - Active
(shortened for brevity)
This is the White Rhino Security blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Your comment will be reviewed for approval. Thank you for submitting your comments.