Cisco FirePOWER ASA 5500 series Configuration Manual page 237

Security appliance command line

Chapter 14
Configuring Failover
Enter the following commands to configure asymmetric routing support. The asr-group command is
only available in the security contexts. Stateful Failover must be enabled for asymmetric routing to
function properly.
hostname/ctx1(config)# interface phy_if
hostname/ctx1(config-if)# asr-group num
Valid values for num range from 1 to 32. You need to enter the command for each interface that
participates in the asymmetric routing group. You can view the number of ASR packets transmitted,
received, or dropped by an interface using the show interface detail command.
Figure 14-1 shows an example of using the asr-group command for asymmetric routing support.

Figure 14-1 ASR Example
[Figure labels: ISP A, ISP B, Outbound Traffic, Return Traffic, Failover/State link, Inside network]
Context A
interface Ethernet4
nameif outside
asr-group 1
Context B
interface Ethernet2
nameif outside
asr-group 1

Context A is active on one unit and context B is active on the other. Each context has an interface named
"outside", both of which are configured as part of asr-group 1. The outbound traffic is routed through
the unit where context A is active. However, the return traffic is being routed through the unit where
context B is active. Normally, the return traffic would be dropped because there is no session information
for the traffic on the unit. However, because the interface is configured with an asr-group number, the
unit looks at the session information for any other interfaces with the same asr-group assigned to it. It
finds the session information in the outside interface for context A, which is in the standby state on the
unit, and forwards the return traffic to the unit where context A is active.
The traffic is forwarded through the outside interface of context A on the unit where context A is in the
standby state and returns through the outside interface of context A on the unit where context A is in the
active state. This forwarding continues as needed until the session ends.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 14-35
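The following Python check is an added example, not part of the Cisco guide. It audits per-context interface configuration for two conditions described above: asr-group numbers within 1 to 32, and at least two interfaces sharing each group so that a unit has another interface's session information to consult. The context names, the third context, and the configuration text are constructed sample input.

```python
import re
from collections import defaultdict

# Constructed sample: per-context interface configuration modelled on Figure 14-1,
# plus one deliberately broken context. Not output from a real appliance.
SAMPLE = {
    "ctxA": "interface Ethernet4\n nameif outside\n asr-group 1\n",
    "ctxB": "interface Ethernet2\n nameif outside\n asr-group 1\n",
    "ctxC": "interface Ethernet5\n nameif dmz\n asr-group 40\n"
            "interface Ethernet6\n nameif outside\n asr-group 2\n",
}

def parse_asr_groups(config):
    """Return [(interface, asr_group_number)] for one context's configuration text."""
    found, current = [], None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)  # a new interface stanza starts at column 0
            continue
        m = re.match(r"\s+asr-group\s+(\d+)\s*$", line)
        if m and current:
            found.append((current, int(m.group(1))))
    return found

def audit(contexts):
    """Check asr-group values and membership across all contexts; return findings."""
    findings, members = [], defaultdict(list)
    for ctx, config in sorted(contexts.items()):
        for iface, num in parse_asr_groups(config):
            if not 1 <= num <= 32:
                findings.append(f"{ctx}/{iface}: asr-group {num} outside valid range 1-32")
            else:
                members[num].append(f"{ctx}/{iface}")
    for num, ifaces in sorted(members.items()):
        # A group with a single interface has no other interface whose session
        # information the unit could look up for asymmetrically routed return traffic.
        if len(ifaces) < 2:
            findings.append(f"asr-group {num}: only {ifaces[0]} is a member")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```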
