5510 to 5505 failover (active/active)

Hello,
We have both a 5510 and a 5505, and they are both running the security plus licenses. At this time, the 5510 is connected to our primary (and much faster) ISP connection. We also have a DSL connection available that I could connect to the 5505. A different ISP supplies each device (Charter and AT&T, respectively). Each are assigned a single, public IP address via DHCP from the respective ISP.
Is it possible to configure the 5505 to accept the connection and become primary in the event that the 5510 goes offline (either due to outage or failure)?
If so, what are the steps I would take to configure this? Examples of commands to issue would be very helpful.
Many Thanks in Advance!
-Rob

You cannot configure a direct Failover/HA setup with two different ASA models.
For a solution to your problem, I'd suggest using IP SLA on a router or L3 switch that both ASAs plug into - that way if one link/ASA goes down, the default route will change to the other ASA.
EDIT: By the way, the failover setup you describe is Active/Standby. Active/Active refers to two separate ASAs running multi-context, with one ASA being active for "context1" and the other ASA being active for "context2". ASA 5505's do not support multi-context.

Similar Messages

  • UCCX 8.0 SNMP notification to report failover from active to the standby server?

    Does any know the UCCX 8.0 SNMP notification to report failover from active to the standby server?  (The specific notification.)
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-VOICE-APPS-MIB.my
    I see this in the MIB.
    cvaModuleStart NOTIFICATION-TYPE
      OBJECTS   { cvaAlarmSeverity, cvaModuleName }
      STATUS    current
      DESCRIPTION
            "A cvaModuleStart notification signifies that an
            application module or subsystem has successfully
            started and transitioned into in-service state. 
            This notification is working in conjunction with
            the cvaModuleStop notification to notify the start
            and stop status of a particular application module."
      ::= {ciscoVoiceAppsMIBNotifications 1}

    Attached are two files:
    cad-ecc-viewer.html
    This is a template HTML document which dictates how the pop up will look and what data fields are available.
    cad-ecc-viewer.vbs
    This is the Windows Scripting Host file which you run from a CDA workflow, and you pass it the values of the call data, it then launches an instance of IE and loads the above template.
    By default the code is setup to use the following data from the call, but can be modified to work with more, less, or different data:
    Customer Name
    Customer Status (like Premium, or Platinum)
    Customer Number (like an account number)
    Customer Phone Number
    So when you specify the VBS file to run in CDA you need to pass those variables in that order.
    The CDA should expect the VBS file on the root of C:\ by default, and the VBS file expects the HTML Template on the root of C:\ also.
    I have only tested this on UCCX 7x and IE 8x.  Use the code as a guide to your own solution, that suites your business requirements.
    EDIT: I see that this does not work on my Win7/IE9 system, so I will spend some time updating the code for Win7/IE9 and I'll let you know how it goes.
    Anthony Holloway
    Please use the star ratings to help drive great content to the top of searches.

  • Cisco asa security context active/active failover

    Hi,                  
    I have two Cisco ASA 5515-X appliance running OS version 8.6. I want to configure these two appliance in multiple context mode mode.
    Each ASA appliance will have two security context named "ctx1" & "ctx2".
    I have to configure failover on these two ASA appliance such that "ctx1" will be active in one ASA box and "ctx2" will be active and process the traffic on second box to achieve this i will configure two failover group 1 & 2. And assign "ctx1" interfaces in failover group 1 and "ctx2" interface to group 2.
    I am a reading a book on failover configuration in active/active in that below note is mentioned.
    If an interface is used as the shared interface between multiple contexts, then all of those contexts need to be in the same failover redundancy group.
    What this means? can someone please explain because i also want to use a shared interface which will be used by "ctx1" & "ctx2". In this case shared interface can be used in failover group 1 & 2 ?
    Regards,
    Nick

    Yout will have to contact [email protected] or open a TAC case in order to have a new activation key generated. They can do that once they confirm your eligibility.

  • To apply license in FWSM (Active-Active mode) and disable failover

    Dear Team
    I want to apply license to increase security context in FWSM which is running in Active-Active mode on VSS Core switches
    As per below document, first we need to disable failover by entering 'no failover' command on active FWSM and then apply the license seperately on both FWSM.
    I just want to know when i will disable the failover then standby move to pseudo-standby state. 
    Will there be any services impact which are running behind the FWSM when disbaling the failover and then re-enabling the failover.
    http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg/swcnfg_f.html#wp1073226
    Appreciate your response.

    Hi,
    I think in your case as it is Active/Active , there is one extra step required.
    You need to make all the contexts active on one unit and on the other one all should be standby.
    Then disable the failover and update the license and re-enable the failover.
    Thanks and Regards,
    Vibhor Amrodia

  • FWSM 4.0: switch from active/standby to active/active failover mode

    Hello,
    I have a pair of FWSM's running version 4.0 currently in active/standby failover mode, and I'd like to switch them to be active/active.  Is there a documented procedure for doing this?  What are the implications for any contexts switched to be primary on the FWSM that is currently acting as a standby (i.e., what kind of outage time can we expect)?
    Thanks in advance,
    Mike

    Hi Bro
    Thanks for the update, but still you'll need to create 2 contexts, each context will be ACTIVE on different Cisco ASA FW units. Hence, there will be some cut, copy and paste effort, not forgetting recabling, if that's needed. Here's a Cisco document to configure ACTIVE/ACTIVE for those who can't seem to find this document http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req
    Conclusion: There will be some network downtime. I'm guessing 15min, if it was me :-)
    P/S: If you think this comment is helpful, please do rate it nicely :-)

  • JDBC for Active-Active Oracle Primary/Failover DB

    Hi,
    Currently for our application we use an Oracle Primary (Active) and FailOver (Passive) setup. To connect to these databases, we use two JNDIs and use JDBC thin driver. Say when a Failover (FO) occurs, we have a logic to use the FO JNDI and connect to the FO DB.
    But in future we are planning to have both Primary and FO as Active-Active configuration. So accd to Websphere there should be one URL (JDBC thin driver), but it should be able to connect to two datasources. I came to know that the driver will take care of this. Is this possible? If so please explain how? Thank you!

    If your oracle database is using RAC, you can use the Oracle's OCI or thin JDBC driver.
    FAILOVER Examples
    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost2)(PORT=1521))(FAILOVER=on)(LOAD_BALANCE=off))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dbservice)))
    Load balancing example:
    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost2)(PORT=1521))(FAILOVER=off)(LOAD_BALANCE=on))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dbservice)))
    Also see http://download-west.oracle.com/docs/cd/B14117_01/rac.101/b10768/example.htm#RACDP202

  • ASA Active/Active Failover with Redundant Guest Anchors

    Does anyone know how an ASA and a guest anchor 5508 will interact if I setup an Active/Active failover pair with physical interface redundancy?  I see from documentation that I can create a logical group in the ASA to bond physical interfaces together, but it doesn't describe what protocol is being used to manage that bundle.  Do I assume etherchannel?  If I were to create this scenario, can I run the 5508 in LAG mode?
    The current failover configuration example is for PIX, and old code at that.  I'm referencing an ASA/PIX guide ISBN:1-58705-819-7 beginning on page 531.
    Regards,
    Scott

    In addition to what you have, you should add to each unit the global configuration command "failover".
    We generally don't manually configure the MAC addresses in single context mode since the ASA ill automatically assign virtual MAC addresses and manage their moving to the newly active unit in the event of a failover event. Reference.

  • Failover exec active write mem

    Hi Everyone,
    I was doing config change on firewall  in multicontext mode.
    IT has 2 contexts  admin and X.
    I log into admin context via ASDM and switch to context X with the  ASDM as  need to make changes to context firewall X.
    When i config the changes via asdm and click on apply it show me message
    failover exec active write mem followed by ACL which i was going to apply.
    Need to confirm if above command is safe to run on production network without causing any issues?
    Finally i logged into Context X which was admin for that and made the chnages via CLI.

    hi mahesh,
    i'm suspecting you're making changes in context x from the standby unit. you could verify with show failover command.
    it's safe to assume to issue a failover exec active write mem since you're just saving the config for the active unit.
    you could alternatively use the write memory all command to save the system and all context config changes.

  • RAC Active Active cluster failover time

    Hi,
    In a RAC active active cluster , how long does it take to failover to the surviving instance.
    As per the docu I understand that rollback is done just for the select statements and not others. Is that correct?

    RAC is an active-active cluster situation by design.
    A failover from a session from a stopped/crashed instance to a surviving one can be implemented in several ways.
    The most common way to do failover is using TAF, Transparent Application Failover, which is implemented on the client (using settings in the tnsnames.ora file)
    When an instance of a RAC cluster is crashed, the surviving instances (actually the voted master instance) will detect an instance is crashed, and recover the crashed instance using its online redologfiles. Current transactions in that instance will be rolled back. The time it will take is depended on activity in the database, thus the amount to recover.

  • CSS active-active stateful failover

    Dear All,
    May I confirm if CSS can do active-active stateful failover? If so, is it any restriction? and any Cisco URL I can refer to?
    Thanks a lot.
    mak

    what do you call active-active ?
    There different ways to achieve active-active.
    What we can do is 1 vip active on 1 CSS-A and standby on CSS-B and a 2nd VIP active on CSS-B and standby on CSS-A.
    But do you really need this ?
    CSS can handle quite a huge amount of traffic so I never saw the need for active-active.
    The failover can be statefull with CSS115xx not with CSS110xx or CSS118xx or CSS111xx.
    Here is a sample config for one-armed mode but you can also have multiple vlans.
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00802206a3.shtml
    Regards,
    Gilles

  • FWSM Active/Active Failover ICMP replication

    I have an issue with WS-SVC-FWM-1 module - in the active/active failover it doesn't make ICMP connection state replication with asr-groups configured on the respective interfaces. Although other connections are working just fine (asymmetric routing is verified with 'show ip cef' on the MSFC) it seems that only newer ASAs are doing ICMP replication in failover, but I couldn't find any documentation describing replication behavior for the FWSM. Can anyone
    clearly describe FWSM's behavior for this?

    What FWSM version are you running?
    Please remember to rate and select a correct answer

  • ASA active/active failover back to back

    Hi,
          for HA  I want to connect 4 ASA's in active/active failover with each ASA having two contexts.
    The reason I need this is to separate two domains. Each domain has the ASA pair in active/active failover.
    Is this possible and what would you need to do it  ie a switch or two in between ?
    I know you need switches or vlans to do the LAN side as the failover context needs to be in the same network. So I'm assuming you would need to do something similar between the 4 ASA's ???
    Would you put 2 switches trunked together carrying two vlans, one for each context ?
              -| CTX1 |-          ?         -| CTX1 |-
              -| CTX2 |-          ?         -| CTX2 |-
                   |  |                                |  |
              -| CTX1 |-          ?         -| CTX1 |-
              -| CTX2 |-          ?         -| CTX2 |-
    Thanks in advance.

    Your latest attachment is pretty close to what I was thinking.
    I would add a second interface on each ASA to the switches.
    So (considering the "Inside" interfaces of ASA1 for example) it would have one physical interface allocated to context 1 and connected to a port in VLAN2 and a second physical interface allocated to context 2 and connected to a port in VLAN 3.
    An alternative would be to stick with a single physical interface and allocate subinterfaces (on a trunk) to each context.
    You could further add redundancy by creating Etherchannels (with either the physical or logical interface approach).

  • Failover Under ASDM shows Active/Active

    Hi everyone,
    ASA  is config for failover which is Active /standby.Command line shows failover as active and standby.
    But under ASDM,Licensing ,Activation key it show as
    Failover
    Active/Active
    Is this by design that it show as active/active?
    Regards
    Mahesh

    Hi Mahesh,
    I think it means that the ASA is licensed to be able to support Active/Active while you have actually set up the ASAs to do Active/Standby
    To my understanding for example the ASA5505 model could only support Active/Standby Failover since it doesnt Security Contexts as those are required for an Active/Active setup.
    - Jouni

  • Does VPN works in Firewall Active Active failover mode?

    i want to clarify these two things!
    1. Does VPN works in failover mode in Active/Active mode?
    2. What about in Failover mode Active/Pasive?
    Regards!

    Hi,
    Using an Active/Active Failover means that the Firewalls will be in Multiple Context mode. In other words virtual firewalls.
    This means that you can ONLY use IPsec L2L VPN connections on the virtual firewalls if you are running 9.x software level on the firewalls. Any form of Client and Clientless VPN isnt supported in Multiple Context Mode at the moment.
    Now with Active/Standby we have to make a distinction (if that was the word).
    IF you run a normal Active/Standby Failover pair of ASAs that IS NOT in Multiple Context mode YOU CAN use any type of VPN the ASAs support.
    IF you run a a pair of ASAs in Multiple Context Mode and in Active/Standby Mode you will naturally run into the limitation of VPN support in Multiple Context Mode and WILL NOT be able to use any other VPNs other than IPsec L2L VPN connections provided you are running 9.x software that supports it.
    Hope this helps
    - Jouni

  • Radius auth to standby ASA in Active Active Failover

    Hi Everyone,
    When ASA is in Active/standby failover i can ssh to standby ASA using Radius.
    But when ASA is in multi context mode  Active/Active failover i can not do Radius Auth to standby ASA?
    Is this default behaviour?
    Regards
    MAhesh

    I would not have thought this is the default behavior...but then again, I have never tested this.  If you console into the standby context issue the command show run | in aaa.  Which authentication database is indicated?
    Please remember to select a correct answer and rate helpful posts

Maybe you are looking for

  • Latest itunes update 11.0.2 causes blue screen

    I have updated the itunes Software to the latest version (11.0.2) twice now.  Shortly after the update I get the blue screen.  The only way to remedy the situation is to restore the OS back to the point prior to the itunes update.  Everything works f

  • Can't get wireless to work

    here's the situation... -extreme hooked up to cable modem -iMac connected to extreme w/ethernet cable -internet works fine -go to airport utility, follow steps to create a wireless network -wireless doesn't work, and iMac internet (wired to extreme)

  • Issue in APD

    Hi guys , I have an issue in APD . I have created a new APD with a Query as source and an Application file as the data target . (In between , I have various filters , sorts, etc) After succesfully executing this APD , the log which appears does not s

  • Firefox is stuck on "new tab"

    I can open my Firefox by my desktop shortcut and open as many "new tab" pages as I would like. The problem is I can't go to any other pages. No urls will work, I can type them in but as soon as I hit enter it just returns to the blank "new tab" page.

  • JavaMail support of non-ASCII and double-byte characters?

    currently doing a project involving foreign characters would be great to know if this was possible using java mail any insight? thanks in advance