Cisco PIX 500 Series Configuration Manual page 242

Security appliance command line

Configuring Failover
Note: If you are changing from cable-based failover to LAN-based failover, you can skip any steps, such as assigning the active and standby IP addresses for each interface, that you completed for the cable-based failover configuration.

This section includes the following topics:
Configuring the Primary Unit, page 14-22
Configuring the Secondary Unit, page 14-24

Configuring the Primary Unit

Follow these steps to configure the primary unit in a LAN-based, Active/Standby failover configuration. These steps provide the minimum configuration needed to enable failover on the primary unit. For multiple context mode, all steps are performed in the system execution space unless otherwise noted.

To configure the primary unit in an Active/Standby failover pair, perform the following steps:

Step 1
If you have not done so already, configure the active and standby IP addresses for each data interface (routed mode), for the management IP address (transparent mode), or for the management-only interface. The standby IP address is used on the security appliance that is currently the standby unit. It must be in the same subnet as the active IP address.

Note: Do not configure an IP address for the Stateful Failover link if you are going to use a dedicated Stateful Failover interface. You use the failover interface ip command to configure a dedicated Stateful Failover interface in a later step.

hostname(config-if)# ip address active_addr netmask standby standby_addr

In routed firewall mode and for the management-only interface, this command is entered in interface configuration mode for each interface. In transparent firewall mode, the command is entered in global configuration mode.

In multiple context mode, you must configure the interface addresses from within each context. Use the changeto context command to switch between contexts. The command prompt changes to hostname/context(config-if)#, where context is the name of the current context. You must enter a management IP address for each context in transparent firewall multiple context mode.

Step 2
(PIX 500 series security appliance only) Enable LAN-based failover:

hostname(config)# failover lan enable

Step 3
Designate the unit as the primary unit:

hostname(config)# failover lan unit primary

Step 4
Define the failover interface:

a. Specify the interface to be used as the failover interface:

hostname(config)# failover lan interface if_name phy_if

The if_name argument assigns a name to the interface specified by the phy_if argument. The phy_if argument can be the physical port name, such as Ethernet1, or a previously created subinterface, such as Ethernet0/2.3. On the ASA 5505 adaptive security appliance, the phy_if specifies a VLAN.

b. Assign the active and standby IP address to the failover link:

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 14, Configuring Failover, page 14-22
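An added example, not taken from the Cisco guide: a Python pre-deployment check of a primary-unit configuration against the requirements in Steps 1, 3 and 4a (each ip address line carries a standby address in the same subnet, the unit is designated primary, a failover interface is defined). The function name lint_primary and the sample interface names and addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; interface names and addresses are made up.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
interface Ethernet1
 ip address 10.1.1.1 255.255.255.0 standby 10.1.2.2
interface Ethernet2
 ip address 172.16.5.1 255.255.255.0
failover lan enable
failover lan unit primary
failover lan interface folink Ethernet3
"""

# Step 1 syntax: ip address active_addr netmask standby standby_addr
IP_RE = re.compile(r"^ip address (\S+) (\S+)(?: standby (\S+))?$")
# Step 4a syntax: failover lan interface if_name phy_if
LAN_IF_RE = re.compile(r"^failover lan interface \S+ \S+$")


def lint_primary(config):
    """Return (line_number, message) findings; line 0 means a missing command."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    for number, line in enumerate(lines, start=1):
        match = IP_RE.match(line)
        if not match:
            continue
        active, mask, standby = match.groups()
        subnet = ipaddress.ip_network(f"{active}/{mask}", strict=False)
        if standby is None:
            findings.append((number, "no standby address configured"))
        elif standby == active:
            findings.append((number, "standby address equals active address"))
        elif ipaddress.ip_address(standby) not in subnet:
            findings.append((number, f"standby {standby} is outside {subnet}"))
    if "failover lan unit primary" not in lines:
        findings.append((0, "unit is not designated as primary"))
    if not any(LAN_IF_RE.match(line) for line in lines):
        findings.append((0, "no failover interface defined"))
    return findings


if __name__ == "__main__":
    for number, message in lint_primary(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```

The check does not require failover lan enable, because Step 2 applies to the PIX 500 series only.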

This manual is also suitable for:

Asa 5500 series