Active-Standby Failover

Overview

Active/Standby is the simplest ASA failover mode. One unit actively processes traffic while the standby unit monitors and takes over if the active unit fails. Both units share the same configuration, and the standby unit does not pass traffic under normal operation.

Key concepts:

Only one unit processes traffic at a time
Stateful or stateless failover
Failover link for health monitoring and configuration sync
Optional state link for connection replication

Video Walkthrough

Video walkthrough coming soon.

Prerequisites

No additional licensing is required for Active/Standby failover. Both ASA units must have:

Identical hardware model and module configuration
Same software version
Same firewall mode (routed or transparent)
Same context mode (single or multiple)
A dedicated failover link (LAN-based failover recommended)

Configuration Steps (CLI)

1. Configure the Failover Interface

On the primary unit:

ASAv1(config)# interface GigabitEthernet0/3
ASAv1(config-if)# no shutdown

2. Assign the Failover LAN Interface

ASAv1(config)# failover lan unit primary
ASAv1(config)# failover lan interface folink GigabitEthernet0/3
ASAv1(config)# failover interface ip folink 10.0.0.1 255.255.255.252 standby 10.0.0.2

3. Configure the State Link (Optional but Recommended)

Using the same interface as the failover link:

ASAv1(config)# failover link folink GigabitEthernet0/3

Or using a dedicated interface:

ASAv1(config)# failover link statelink GigabitEthernet0/4
ASAv1(config)# failover interface ip statelink 10.0.1.1 255.255.255.252 standby 10.0.1.2

4. Enable Failover

ASAv1(config)# failover

5. Configure the Secondary Unit

On the secondary unit, you only need to configure the failover interface and set it as secondary:

ASAv1(config)# interface GigabitEthernet0/3
ASAv1(config-if)# no shutdown
ASAv1(config)# failover lan unit secondary
ASAv1(config)# failover lan interface folink GigabitEthernet0/3
ASAv1(config)# failover interface ip folink 10.0.0.1 255.255.255.252 standby 10.0.0.2
ASAv1(config)# failover

The secondary unit will pull the full configuration from the primary automatically.

6. Verify Failover Status

ASAv1# show failover
ASAv1# show failover state

Configuration Steps (ASDM)

Screenshots and ASDM walkthrough coming soon.

Site-to-Site IPsec VPN

Docs

SecurePackets

Title here

Active-Standby Failover

Overview

Video Walkthrough

Prerequisites

Configuration Steps (CLI)

1. Configure the Failover Interface

2. Assign the Failover LAN Interface

3. Configure the State Link (Optional but Recommended)

4. Enable Failover

5. Configure the Secondary Unit

6. Verify Failover Status

Configuration Steps (ASDM)

Active-Standby Failover

Overview#

Video Walkthrough#

Prerequisites#

Configuration Steps (CLI)#

1. Configure the Failover Interface#

2. Assign the Failover LAN Interface#

3. Configure the State Link (Optional but Recommended)#

4. Enable Failover#

5. Configure the Secondary Unit#

6. Verify Failover Status#

Configuration Steps (ASDM)#

Overview

Video Walkthrough

Prerequisites

Configuration Steps (CLI)

1. Configure the Failover Interface

2. Assign the Failover LAN Interface

3. Configure the State Link (Optional but Recommended)

4. Enable Failover

5. Configure the Secondary Unit

6. Verify Failover Status

Configuration Steps (ASDM)