Cisco ASA Failover Configuration

This is a LAN-based ASA failover configuration sample:


See below list the IP addresses that I’m going to use in my configuration. Note: Ensure the IP addresses in the same column are in one subnet.

Role\Interface Outside Inside Failover DMZ
Primary A.A.A.A C.C.C.C E.E.E.E G.G.G.G
Standby B.B.B.B D.D.D.D F.F.F.F H.H.H.H

1) On the Primary ASA, define the function and primary/ secondary IP address for each interface. Then enable the failover and create a preshared key.

interface Ethernet0/0
description Outside Public Network
nameif outside
security-level 0
ip address A.A.A.A standby B.B.B.B
interface Ethernet0/1
description Inside Private Network
nameif inside
security-level 100
ip address C.C.C.C standby D.D.D.D
interface Ethernet0/2
description LAN/STATE Failover Interface

interface Ethernet0/3
nameif dmz
security-level 50
ip address E.E.E.E standby F.F.F.F

failover lan unit primary
failover lan interface lanfo Ethernet0/2
failover key mytest
failover replication http
failover link lanfo Ethernet0/2
failover interface ip lanfo G.G.G.G standby H.H.H.H

2) One the secondary ASA, enable the failover and use the same pre-shared key created above.

failover lan unit secondary
failover lan interface lanfo Ethernet0/2
failover key mytest

3) Run the command ‘show failover state ’ to confirm whether the failover is working. If you see ‘Standby Ready’, it means you have made it right.

ASA# show failover state

State          Last Failure Reason      Date/Time

This host  –   Primary

Active         None

Other host –   Secondary

Standby Ready  None

About ccie4all
Hello, and welcome to the first post of my CCIE blog This blog has got one simple goal and that is to improve our skills in Cisco Networking field so we can become best engineers on a job market. Wordpress Blog information about the changes made to Gns3 BGP , MPLS and R&S CCIE labs. In order to access and download all provided materials and receive important updates from Gns3 BGP , MPLS and R&S CCIE labs under GNS3 tab in the main header please go ahead and subscribe to ! All other posts have not been affected and can be accessed at any given time. Enjoy ! Tom

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: