Cisco FirePOWER ASA 5500 series Configuration Manual page 221

Chapter 14 Configuring Failover
You do not need to bootstrap the secondary unit in the failover pair when you use cable-based failover.
Leave the secondary unit powered off until instructed to power it on.
Cable-based failover is only available on the PIX 500 series security appliance.
To configure cable-based Active/Standby failover, perform the following steps:
Step 1 Connect the Failover cable to the PIX 500 series security appliances. Make sure that you attach the end
of the cable marked "Primary" to the unit you use as the primary unit, and that you attach the end of the
cable marked "Secondary" to the other unit.
Power on the primary unit.
Step 2
Step 3 If you have not done so already, configure the active and standby IP addresses for each data interface
(routed mode), for the management IP address (transparent mode), or for the management-only
interface. The standby IP address is used on the security appliance that is currently the standby unit. It
must be in the same subnet as the active IP address.
Note
hostname(config-if)# ip address active_addr netmask standby standby_addr
In routed firewall mode and for the management-only interface, this command is entered in interface
configuration mode for each interface. In transparent firewall mode, the command is entered in global
configuration mode.
In multiple context mode, you must configure the interface addresses from within each context. Use the
changeto context command to switch between contexts. The command prompt changes to
hostname/context(config-if)#
management IP address for each context in transparent firewall multiple context mode.
(Optional) To enable Stateful Failover, configure the Stateful Failover link.
Step 4
Note
Specify the interface to be used as the Stateful Failover link:
a.
hostname(config)# failover link if_name phy_if
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The
phy_if argument can be the physical port name, such as Ethernet1, or a previously created
subinterface, such as Ethernet0/2.3. This interface should not be used for any other purpose.
Assign an active and standby IP address to the Stateful Failover link:
b.
hostname(config)# failover interface ip if_name ip_addr mask standby ip_addr
Note
The standby IP address must be in the same subnet as the active IP address. You do not need to
identify the standby IP address subnet mask.
OL-10088-01
Do not configure an IP address for the Stateful Failover link if you are going to use a dedicated
Stateful Failover interface. You use the failover interface ip command to configure a dedicated
Stateful Failover interface in a later step.
, where context is the name of the current context. You must enter a
Stateful Failover is not available on the ASA 5505 series adaptive security appliance.
If the Stateful Failover link uses a data interface, skip this step. You have already defined the
active and standby IP addresses for the interface.
Cisco Security Appliance Command Line Configuration Guide
Configuring Failover
14-19