{"id":244,"date":"2015-01-12T08:12:59","date_gmt":"2015-01-12T08:12:59","guid":{"rendered":"http:\/\/www.balajibandi.com\/?p=244"},"modified":"2017-08-25T09:18:46","modified_gmt":"2017-08-25T08:18:46","slug":"asa-activestandby-single-mode-setup","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=244","title":{"rendered":"ASA Active\/Standby Single mode setup"},"content":{"rendered":"

ASA Active\/Standby Single mode setup<\/strong><\/span><\/p>\n

HLD diagram for reference :<\/p>\n

\"\"<\/p>\n

FW1 simple config :<\/strong><\/p>\n

config t
\n!
\nhostname FW1
\n!
\ninterface Ethernet0
\nnameif management
\nsecurity-level 0
\nip address 192.168.1.65 255.255.255.0
\nno shutdown
\n!
\ninterface Ethernet1
\nchannel-group 1 mode active
\nno nameif
\nno security-level
\nno ip address
\nno shutdown
\n!
\ninterface Ethernet2
\nchannel-group 1 mode active
\nno nameif
\nno security-level
\nno ip address
\nno shutdown
\n!
\ninterface Ethernet3
\nchannel-group 1 mode active
\nno nameif
\nno security-level
\nno ip address
\nno shutdown
\n!
\ninterface Port-channel1
\nno nameif
\nno security-level
\nno ip address
\nno shutdown
\n!
\ninterface Port-channel1.200
\nvlan 200
\nnameif dmz
\nsecurity-level 0
\nip address 10.10.20.254 255.255.255.0
\nno shutdown
\n!
\ninterface Port-channel1.300
\nvlan 300
\nnameif inside
\nsecurity-level 100
\nip address 10.10.30.254 255.255.255.0
\nno shutdown
\n!
\ninterface Port-channel1.400
\nvlan 400
\nnameif outside
\nsecurity-level 0
\nip address 10.10.40.254 255.255.255.0
\nno shutdown
\n!
\nmtu dmz 1500
\nmtu inside 1500
\nmtu outside 1500
\nmtu management 1500<\/p>\n

http server enable
\nhttp 192.168.1.0 255.255.255.0 management
\nmanagement-access management
\nusername cisco password 3USUcOPFUiMCO4Jk encrypted
\n!
\nASA ACTIVE \/ Standby<\/strong>
\n=======================<\/p>\n

FW1#<\/p>\n

config t
\ninterface Ethernet4
\nno shutdown<\/p>\n

failover lan unit primary
\nfailover lan interface FAILOVER Ethernet4<\/p>\n

failover link FAILOVER Ethernet4<\/p>\n

failover interface ip FAILOVER 40.40.40.1 255.255.255.0 standby 40.40.40.2<\/p>\n

failover<\/p>\n

interface Port-channel1.300
\nip address 20.20.20.254 255.255.255.0 standby 20.20.20.253<\/p>\n

interface Port-channel1.400
\nip address 192.168.1.65 255.255.255.0 standby 192.168.1.66
\nFW2 ( Standby)<\/strong>
\n==============<\/strong><\/p>\n

failover lan unit secondary
\nfailover lan interface FAILOVER Ethernet4
\nfailover link FAILOVER Ethernet4
\nfailover interface ip FAILOVER 40.40.40.1 255.255.255.0 standby 40.40.40.2
\nfailover<\/p>\n

interface Ethernet4
\nno shutdown
\nMONITORING INTERFACE <\/strong>
\n====================<\/strong><\/p>\n

monitor-interface inside
\nmonitor-interface outside
\nmonitor-interface management<\/p>\n

TESTING FAILOVER<\/strong>
\n================<\/strong><\/p>\n

FW1\/pri\/act(config)# no failover active
\nFW1\/pri\/act(config)# Waiting for the earlier webvpn instance to terminate…
\nPrevious instance shut down. Starting a new one.<\/p>\n

Switching to Standby<\/p>\n

FW1\/pri\/stby(config)#
\nFW1\/pri\/stby(config)#
\nFW1\/pri\/stby(config)# fail
\nFW1\/pri\/stby(config)# failover ac
\nFW1\/pri\/stby(config)# show mon
\nFW1\/pri\/stby(config)# show monitor-interface
\nThis host: Primary – Standby Ready
\nInterface management (192.168.1.66): Normal (Monitored)
\nInterface inside (20.20.20.253): Normal (Monitored)
\nInterface outside (10.10.40.253): Normal (Monitored)
\nOther host: Secondary – Active
\nInterface management (192.168.1.65): Normal (Monitored)
\nInterface inside (20.20.20.254): Normal (Monitored)
\nInterface outside (10.10.40.254): Normal (Monitored)
\nFW1\/pri\/stby(config)# failover active
\nWaiting for the earlier webvpn instance to terminate…
\nPrevious instance shut down. Starting a new one.<\/p>\n

Switching to Active<\/p>\n

FW1\/pri\/act# show monitor-interface
\nThis host: Primary – Active
\nInterface management (192.168.1.65): Normal (Monitored)
\nInterface inside (20.20.20.254): Normal (Monitored)
\nInterface outside (10.10.40.254): Normal (Monitored)
\nOther host: Secondary – Standby Ready
\nInterface management (192.168.1.66): Normal (Monitored)
\nInterface inside (20.20.20.253): Normal (Monitored)
\nInterface outside (10.10.40.253): Normal (Monitored)<\/p>\n

 <\/p>\n

Updated :<\/strong><\/p>\n

Tuning Fail over Timers :<\/strong><\/p>\n

500msec and 2sc hold timer<\/p>\n

failover polltime unit msec 500 holdtime 2
\nfailover polltime interface msec 500 holdtime 5<\/p>\n

\"enter<\/p>\n

After tuning the timers only 1 ping lost<\/strong><\/p>\n

\"\"<\/p>\n

Monitoring the interface :<\/strong><\/p>\n

You need to mentioned monitor interface IP to monitor, example :<\/p>\n

interface Port-channel1.300
\nvlan 300
\nnameif inside
\nsecurity-level 100
\nip address 10.10.30.254 255.255.255.0 standby 10.10.30.253
\nno shutdown
\n!
\ninterface Port-channel1.400
\nvlan 400
\nnameif outside
\nsecurity-level 0
\nip address 10.10.40.254 255.255.255.0\u00a0standby 10.10.40.253<\/p>\n

Good Luck ! Happy Reading !!<\/strong><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

ASA Active\/Standby Single mode setup HLD diagram for reference : FW1 simple config : config t ! hostname FW1 ! interface Ethernet0 nameif management security-level 0 ip address 192.168.1.65 255.255.255.0 no shutdown ! interface Ethernet1 channel-group 1 mode active no nameif no security-level no ip address no shutdown ! interface Ethernet2 channel-group 1 mode active […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,2],"tags":[],"class_list":["post-244","post","type-post","status-publish","format-standard","hentry","category-ccie-sec","category-cisco"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=244"}],"version-history":[{"count":5,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/244\/revisions"}],"predecessor-version":[{"id":466,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/244\/revisions\/466"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}