Cisco ASA 5500 Series Configuration Guide using ASDM
CHAPTER 67
Configuring Active/Active Failover
This chapter describes how to configure Active/Active failover and includes the following sections:
• Information About Active/Active Failover
• Licensing Requirements for Active/Active Failover
• Prerequisites for Active/Active Failover
• Guidelines and Limitations
• Configuring Active/Active Failover
• Monitoring Active/Active Failover
• Feature History for Active/Active Failover
Information About Active/Active Failover
This section describes Active/Active failover and includes the following topics:
• Active/Active Failover Overview
• Primary/Secondary Status and Active/Standby Status
• Device Initialization and Configuration Synchronization
• Command Replication
• Failover Triggers
• Failover Actions
Active/Active Failover Overview
Active/Active failover is only available to ASAs in multiple context mode. In an Active/Active failover
configuration, both ASAs can pass network traffic.
In Active/Active failover, you divide the security contexts on the ASA into failover groups. A failover
group is simply a logical group of one or more security contexts. You can create a maximum of two
failover groups. The admin context is always a member of failover group 1. Any unassigned security
contexts are also members of failover group 1 by default.
The failover group forms the base unit for failover in Active/Active failover. Interface failure monitoring,
failover, and active/standby status are all attributes of a failover group rather than the unit. When an
active failover group fails, it changes to the standby state while the standby failover group becomes