Cisco ASA 5505 Configuration Manual page 1225

Chapter 59 Configuring Active/Standby Failover
To encrypt the failover link, do the following:
Step 3
(Optional) Check the Use 32 hexadecimal character key to enter a hexadecimal value for the
a.
encryption key in the Shared Key box.
Enter the encryption key in the Shared Key box.
b.
If you checked the Use 32 hexadecimal character key check box, then enter a hexadecimal
encryption key. The key must be 32 hexadecimal characters (0-9, a-f).
If the Use 32 hexadecimal character key check box is unchecked, then enter an alphanumeric shared
secret. The shared secret can be from 1 to 63 characters. Valid character are any combination of
numbers, letters, or punctuation. The shared secret is used to generate the encryption key.
Select the interface to use for the failover link from the Interface list. Failover requires a dedicated
Step 4
interface, however you can share the interface with Stateful Failover.
Only unconfigured interfaces or subinterfaces are displayed in this list and can be selected as the LAN
Failover interface. Once you specify an interface as the LAN Failover interface, you cannot edit that
interface in the Configuration > Interfaces pane.
Specify the logical name of the interface used for failover communication in the Logical Name field.
Step 5
Specify the active IP address for the interface in the Active IP field. The IP address can be either an IPv4
Step 6
or an IPv6 address. You cannot configure both types of addresses on the failover link interface.
Depending upon the type of address specified for the Active IP, enter a subnet mask (IPv4 addresses) or
Step 7
a prefix length (IPv6 address) for the failover interface in the Subnet Mask/Prefix Lenght field. The
name of the field changes depending upon the type of address specified in the Active IP field.
Step 8 Specify the IP address used by the secondary unit to communicate with the primary unit in the Standby
IP field. The IP address can be an IPv4 or an IPv6 address.
Step 9 Select Primary or Secondary in the Preferred Role field to specify whether the preferred role for this
adaptive security appliance is as the primary or secondary unit.
(Optional) Configure the Stateful Failover link by doing the following:
Step 10
Note
Specifies the interface used for state communication. You can choose an unconfigured interface or
a.
subinterface, the LAN Failover interface, or the Use Named option.
Note
If you choose an unconfigured interface or subinterface, you must supply the Active IP, Subnet
Mask, Standby IP, and Logical Name for the interface.
If you choose the LAN Failover interface, you do not need to specify the Active IP, Subnet Mask,
Logical Name, and Standby IP values; the values specified for the LAN Failover interface are used.
If you choose the Use Named option, the Logical Name field becomes a drop-down list of named
interfaces. Choose the interface from this list. The Active IP, Subnet Mask/Prefix Length, and
Standby IP values do not need to be specified. The values specified for the interface are used. Be
sure to specify a standby IP address for the selected interface on the Interfaces tab.
OL-20339-01
Stateful Failover is not available on the ASA 5505 platform. This area does not appear on ASDM
running on an ASA 5505 adaptive security appliance.
We recommend that you use two separate, dedicated interfaces for the LAN Failover interface
and the Stateful Failover interface.
Configuring Active/Standby Failover
Cisco ASA 5500 Series Configuration Guide using ASDM
59-7