Cisco ASA Active/Standby Failover Configuration Example

By | February 23, 2020

Cisco's active/standby failover feature provides stateful failover: if one firewall fails, traffic moves to the secondary firewall and users do not see any blip in connectivity. For a detailed overview of ASA active/standby failover, read the article below.

ASA Failover Active/Standby (Failover and stateful link on different interfaces)

In the topology below, we use a single link as both the failover link and the stateful link. The two firewalls are directly connected by a single link on port Gi0/2. We can also connect the two ASA firewalls through a Layer 2 switch, but this switch should not have other connections, and we should configure the VLANs on it. This is not compulsory, but Cisco recommends it for security reasons.

There are many things to keep in mind before and after configuring active/standby failover, but we can't cover all of them in this example, so we have already created a separate article for them.

ASA active standby topology


Conf t
failover lan unit primary
failover lan interface FAIL_OVER GigabitEthernet0/2
failover link FAIL_OVER GigabitEthernet0/2
failover interface ip FAIL_OVER standby

int g0/2
 no shut
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address standby
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address standby

monitor-interface INSIDE
monitor-interface OUTSIDE

NOTE: The ASA needs something to trigger the failover mechanism. By default, all physical interfaces are monitored and used to trigger failover, and hardware and software failures also trigger failover. We can also specify which interfaces to monitor if we don't want to monitor all of them.


Conf t
failover lan unit secondary
failover lan interface FAIL_OVER GigabitEthernet0/2
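
An added example, not part of the original article and not Cisco tooling: a small Python check that the primary and secondary failover settings shown above agree before the pair is brought up. The sample configs are constructed from the commands on this page with the address lines left out, and matching interface names case-insensitively is an assumption.

```python
# Constructed samples built from this page's commands; address lines are omitted.
PRIMARY = """\
failover lan unit primary
failover lan interface FAIL_OVER GigabitEthernet0/2
failover link FAIL_OVER GigabitEthernet0/2
interface GigabitEthernet0/0
 nameif outside
interface GigabitEthernet0/1
 nameif inside
monitor-interface INSIDE
monitor-interface OUTSIDE
"""
SECONDARY = """\
failover lan unit secondary
failover lan interface FAIL_OVER GigabitEthernet0/2
"""

def parse(cfg):
    """Pull the failover-related settings out of ASA configuration text."""
    out = {"unit": None, "lan": None, "link": None, "nameifs": set(), "monitored": set()}
    for line in cfg.splitlines():
        w = line.split()
        if w[:3] == ["failover", "lan", "unit"] and len(w) == 4:
            out["unit"] = w[3]
        elif w[:3] == ["failover", "lan", "interface"] and len(w) == 5:
            out["lan"] = (w[3], w[4])
        elif w[:2] == ["failover", "link"] and len(w) == 4:
            out["link"] = (w[2], w[3])
        elif w[:1] == ["nameif"] and len(w) == 2:
            out["nameifs"].add(w[1].lower())   # assumption: names are case-insensitive
        elif w[:1] == ["monitor-interface"] and len(w) == 2:
            out["monitored"].add(w[1].lower())
    return out

def check_pair(primary_cfg, secondary_cfg):
    """Return a list of findings for a primary/secondary configuration pair."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    if (p["unit"], s["unit"]) != ("primary", "secondary"):
        findings.append("unit roles must be primary on one ASA and secondary on the other")
    if p["lan"] is None or p["lan"] != s["lan"]:
        findings.append("failover LAN interface is missing or differs between units")
    if p["link"] is not None and p["link"] == p["lan"]:
        findings.append("info: state link shares the failover LAN interface")
    for name in sorted(p["monitored"] - p["nameifs"]):
        findings.append(f"monitor-interface {name} has no matching nameif")
    return findings

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY))
```

For the configuration on this page the only finding is the informational one, which matches the single-link design described above.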