Question 1 How many states used in BGP ? Question 2 Which is the port number used by BGP ? Question 3 What is the weight value for locally originated routes ? Question 4 What is the Weight value for non locally originated routes ? Question 5 What is the default local preference value ?… Read More »
Cisco active standby failover feature provides the stateful failover , means if one firewall fails then traffic will be move on secondary firewall and users will not face any blimp in connectivity. For detailed overview on ASA active standby can read the below article.
ASA Failover Active/Standby (Failover and stateful link on different interfaces)
In below topology , we are using a single link for both failover link and stateful link. both firewalls are directly connected using a single linkon port Gi0/2. We can also connect both ASA firewalls through a layer 2 switch. but this switch should not have other connections as well as we should configure the VLANs on it. This is not compulsory but it is recommended by cisco due to security purpose.
We are having many things which should be in mind before configure the Active / Standby failover and after configure the failover. but we can’t cover all those things with this example. so we have already created a seprate articale for it.
ASA active standby topology
ASA1
Conf t
failover lan unit primary
failover lan interface FAIL_OVER GigabitEthernet0/2
failover link FAIL_OVER GigabitEthernet0/2
failover interface ip FAIL_OVER 10.10.10.1 255.255.255.252 standby 10.10.10.2
failover
int g0/2
no shut
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 30.30.30.254 255.255.255.248 standby 30.30.30.253
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 20.20.20.254 255.255.255.0 standby 20.20.20.253
wr
OPTIONAL
monitor-interface INSIDE
monitor-interface OUTSIDE
NOTE: The ASA requires something that can trigger the failover mechanism. By default all physical interfaces are monitored and used for trigger the failover as well as hardware and software failure is also triggers the failover. we can also define the monitoring of interfaces if we don’t want to monitor all the interfaces
ASA2
Conf t
failover lan unit secondary
failover lan interface FAIL_OVER GigabitEthernet0/2
DNLD process is used to upload the IOS when IOS is in rommon mode and we are unable to upload the IOS in normal way because router don’t have nay IP address or any other configuration so we can upload the IOS using normal process. in this case we can upload the IOS using DNLD process or through X-Modem. Below is the DNLS process and X-modem process , i will explain in another post.
Just remember the one word that is TFTPDNLD , other command syntax will be show on console when you runs the tftpdnld. so no need to remember all the commands. Before follow the below process , your desktop / laptop should be connected with router using straight or cross cable and console cable as well as make sure you are having tftp server application on your laptop and IOS image. also make sure that you have given the path of IOS in application and TFTP server application taking the IP address of your laptop.
Rommon> dir flash:
Rommon1>tftpdnld
Rommon3>IP_ADDRESS=10.104.45.1