Configuring Cisco ASA Active/Standby Failover

Identical Cisco ASA firewalls (same hardware, model, interfaces and RAM etc) can be configured for failover, thus allowing for uninterrupted network connectivity. The Cisco ASA supports 2 failover configurations Active/Active (both appliances pass traffic) and Active/Standby (only the active appliance passes traffic, whilst the other appliance is waiting for failure/failover to occur).

The ASA appliances are connected to each other through a dedicated failover link, this can be any spare interface not currently used. Stateful failover can also be configured; this replicates the firewall state information to the standby appliance.

Continue reading “Configuring Cisco ASA Active/Standby Failover”