67-8
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 67 Configuring Active/Active Failover
Configuring Active/Active Failover
Configuring Active/Active Failover
Failover-Multiple Mode, Security Context
The fields displayed on the Failover pane in multiple context mode change depending upon whether the
context is in transparent or routed firewall mode.
This section includes the following topics:
• Failover - Routed
• Failover - Transparent
Failover - Routed
Use this pane to define the standby IP address for each interface in the security context and to specify
whether the status of the interface should be monitored.
Fields
• Interface table—Lists the interfaces on the ASA and identifies their active IP address, standby IP
address, and monitoring status.
–
Interface Name column—Identifies the interface name.
–
Active IP column—Identifies the active IP address for this interface.
–
Standby IP column—Identifies the IP address of the corresponding interface on the standby
failover unit.
–
Is Monitored column—Specifies whether this interface is monitored for failure.
• Edit—Displays the Edit Failover Interface Configuration dialog box for the selected interface.
Edit Failover Interface Configuration
Use the Edit Failover Interface Configuration dialog box to define the standby IP address for an interface
and to specify whether the status of the interface should be monitored.
Fields
• Interface Name—Identifies the interface name.
• Active IP Address—Identifies the IP address for this interface. This field does not appear if an IP
address has not been assigned to the interface.
• Subnet Mask/Prefix Length—Identifies the mask (for IPv4 addresses) or prefix (for IPv6 addresses)
for this interface. This field does not appear if an IP address has not been assigned to the interface.
• Standby IP Address—Specifies the IP address of the corresponding interface on the standby failover
unit. This field does not appear if an IP address has not been assigned to the interface.
• Monitor interface for failure—Specifies whether this interface is monitored for failure. The number
of interfaces that can be monitored for the security appliance is 250. Hello messages are exchanged
between the security appliance failover pair during every interface poll time period. Monitored
failover interfaces can have the following status:
–
Unknown—Initial status. This status can also mean the status cannot be determined.
–
Normal—The interface is receiving traffic.