Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 66 Configuring Active/Standby Failover
Configuring Active/Standby Failover
• Type an IP address into the field. The address can be an IPv4 or an IPv6 address.
You can also specify whether or not the interface is monitored from this tab. For more information about
configuring interface monitoring, see the “Disabling and Enabling Interface Monitoring” section on
page 66-10.
Configuring Optional Active/Standby Failover Settings
This section includes the following topics:
• Disabling and Enabling Interface Monitoring, page 66-10
• Configuring Failover Criteria, page 66-11
• Configuring the Unit and Interface Health Poll Times, page 66-11
• Configuring Virtual MAC Addresses, page 66-12
You can configure the optional Active/Standby failover settings when initially configuring the primary
unit in a failover pair or on the active unit in the failover pair after the initial configuration.
Disabling and Enabling Interface Monitoring
You can control which interfaces affect your failover policy by disabling the monitoring of specific
interfaces and enabling the monitoring of others. This feature enables you to exclude interfaces attached
to less critical networks from affecting your failover policy.
You can monitor up to 250 interfaces on a unit. By default, monitoring physical interfaces is enabled and
monitoring subinterfaces is disabled.
Hello messages are exchanged during every interface poll frequency time period between the ASA
failover pair. The failover interface poll time is 3 to 15 seconds. For example, if the poll time is set to 5
seconds, testing begins on an interface if 5 consecutive hellos are not heard on that interface (25
Monitored failover interfaces can have the following status:
• Unknown—Initial status. This status can also mean the status cannot be determined.
• Normal—The interface is receiving traffic.
• Testing—Hello messages are not heard on the interface for five poll times.
• Link Down—The interface or VLAN is administratively down.
• No Link—The physical link for the interface is down.
• Failed—No traffic is received on the interface, yet traffic is heard on the peer interface.
To enable or disable health monitoring for specific interfaces on units in single configuration mode, enter
one of the following commands. Alternately, for units in multiple configuration mode, you must enter
the commands within each security context.
To disable or enable monitoring of an interface, perform the following steps:
Step 1 Choose the Configuration > Device Management > High Availability > Failover > Interfaces tab.
A list of configured interfaces appears. The Monitored column displays whether or not an interface is
monitored as part of your failover criteria. If it is monitored, a check appears in the Monitored check box.