{"id":1798,"date":"2015-07-02T22:59:00","date_gmt":"2015-07-02T21:59:00","guid":{"rendered":"https:\/\/www.balajibandi.com\/?p=1798"},"modified":"2022-12-31T19:04:28","modified_gmt":"2022-12-31T19:04:28","slug":"cisco-asa-firewall-active-standby-config","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=1798","title":{"rendered":"Cisco ASA Firewall Active\/Standby config"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Firewall 1 Configuration<\/h1>\n\n\n\n<p>config t<br>!<br>hostname FW1<br>!<br>interface Ethernet0<br>nameif management<br>security-level 0<br>ip address 192.168.1.65 255.255.255.0<br>no shutdown<br>!<br>interface Ethernet1<br>channel-group 1 mode active<br>no nameif<br>no security-level<br>no ip address<br>no shutdown<br>!<br>interface Ethernet2<br>channel-group 1 mode active<br>no nameif<br>no security-level<br>no ip address<br>no shutdown<br>!<br>interface Ethernet3<br>channel-group 1 mode active<br>no nameif<br>no security-level<br>no ip address<br>no shutdown<br>!<br>interface Port-channel1<br>no nameif<br>no security-level<br>no ip address<br>no shutdown<br>!<br>interface Port-channel1.200<br>vlan 200<br>nameif dmz<br>security-level 0<br>ip address 10.10.20.254 255.255.255.0<br>no shutdown<br>!<br>interface Port-channel1.300<br>vlan 300<br>nameif inside<br>security-level 100<br>ip address 10.10.30.254 255.255.255.0<br>no shutdown<br>!<br>interface Port-channel1.400<br>vlan 400<br>nameif outside<br>security-level 0<br>ip address 10.10.40.254 255.255.255.0<br>no shutdown<br>!<br>mtu dmz 1500<br>mtu inside 1500<br>mtu outside 1500<br>mtu management 1500<\/p>\n\n\n\n<p>http server enable<br>http 192.168.1.0 255.255.255.0 management<br>management-access management<br>username cisco password 3USUcOPFUiMCO4Jk encrypted<br>!<\/p>\n\n\n\n<p>FW# show run | begin aaa<br>aaa authentication http console LOCAL<br>aaa authentication ssh console LOCAL<br>aaa authentication enable console 
LOCAL<br>aaa authorization command LOCAL<br>http server enable<br>http 192.168.1.0 255.255.255.0 management<br>no snmp-server location<br>no snmp-server contact<br>snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart<br>crypto ipsec security-association pmtu-aging infinite<br>crypto ca trustpool policy<br>telnet timeout 5<br>ssh stricthostkeycheck<br>ssh timeout 5<br>ssh key-exchange group dh-group1-sha1<br>console timeout 0<br>management-access management<br>threat-detection basic-threat<br>threat-detection statistics access-list<br>no threat-detection statistics tcp-intercept<br>webvpn<br>anyconnect-essentials<br>username cisco password 3USUcOPFUiMCO4Jk encrypted<br>!<br>class-map inspection_default<br>FW# show run all ssl<br>ssl server-version any<br>ssl client-version any<br>ssl encryption rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1<br>ssl certificate-authentication fca-timeout 2<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>ASA ACTIVE \/ Standby<\/strong><br>=======================<br>config t<br>interface Ethernet4<br>no shutdown<\/p>\n\n\n\n<p>interface Port-channel1.300<br>vlan 300<br>nameif inside<br>security-level 100<br>ip address 20.20.20.254 255.255.255.0<br>no shutdown<\/p>\n\n\n\n<p>failover lan unit primary<br>failover lan interface FAILOVER Ethernet4<\/p>\n\n\n\n<p>failover link FAILOVER Ethernet4<\/p>\n\n\n\n<p>failover interface ip FAILOVER 40.40.40.1 255.255.255.0 standby 40.40.40.2<\/p>\n\n\n\n<p>failover<\/p>\n\n\n\n<p>interface Port-channel1.300<br>ip address 20.20.20.254 255.255.255.0 standby 20.20.20.253<\/p>\n\n\n\n<p>interface Port-channel1.400<br>ip address 10.10.40.254 255.255.255.0 standby 10.10.40.253<\/p>\n\n\n\n<p>interface Ethernet0<br>ip address 192.168.1.65 255.255.255.0 standby 192.168.1.66<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">FW2 (Standby)<\/h1>\n\n\n\n<p>failover lan unit secondary<br>failover lan interface FAILOVER Ethernet4<br>failover link FAILOVER Ethernet4<br>failover interface ip FAILOVER 40.40.40.1 255.255.255.0 standby 
40.40.40.2<br>failover<\/p>\n\n\n\n<p>interface Ethernet4<br>no shutdown<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">MONITORING INTERFACE<\/h1>\n\n\n\n<p>monitor-interface inside<br>monitor-interface outside<br>monitor-interface management<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">TESTING FAILOVER<\/h1>\n\n\n\n<p>FW1\/pri\/act(config)# no failover active<br>FW1\/pri\/act(config)# Waiting for the earlier webvpn instance to terminate\u2026<br>Previous instance shut down. Starting a new one.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>    Switching to Standby<\/code><\/pre>\n\n\n\n<p>FW1\/pri\/stby(config)#<br>FW1\/pri\/stby(config)#<br>FW1\/pri\/stby(config)# fail<br>FW1\/pri\/stby(config)# failover ac<br>FW1\/pri\/stby(config)# show mon<br>FW1\/pri\/stby(config)# show monitor-interface<br>This host: Primary &#8211; Standby Ready<br>Interface management (192.168.1.66): Normal (Monitored)<br>Interface inside (20.20.20.253): Normal (Monitored)<br>Interface outside (10.10.40.253): Normal (Monitored)<br>Other host: Secondary &#8211; Active<br>Interface management (192.168.1.65): Normal (Monitored)<br>Interface inside (20.20.20.254): Normal (Monitored)<br>Interface outside (10.10.40.254): Normal (Monitored)<br>FW1\/pri\/stby(config)# failover active<br>Waiting for the earlier webvpn instance to terminate\u2026<br>Previous instance shut down. 
Starting a new one.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>    Switching to Active<\/code><\/pre>\n\n\n\n<p>FW1\/pri\/act# show monitor-interface<br>This host: Primary &#8211; Active<br>Interface management (192.168.1.65): Normal (Monitored)<br>Interface inside (20.20.20.254): Normal (Monitored)<br>Interface outside (10.10.40.254): Normal (Monitored)<br>Other host: Secondary &#8211; Standby Ready<br>Interface management (192.168.1.66): Normal (Monitored)<br>Interface inside (20.20.20.253): Normal (Monitored)<br>Interface outside (10.10.40.253): Normal (Monitored)<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>happy Labiiiiinnnnnnnnnnnnnnnnnnnnnnnnnng!!!!!!!!!!!!!!!!!!!<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1798","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1798"}],"version-history":[{"count":1,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1798\/revisions"}],"predecessor-version":[{"id":1799,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1798\/revisions\/1799"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}