Active/Standby failover enables you to use a standby ASA to take over for a failed unit. When the active unit fails it changes to the standby state while the standby unit changes to the active state. The unit that becomes active assumes the IP addresses and the MAC addresses of the failed unit and starts passing traffic.

In Active/Standby failover, failover occurs on a unit basis, even on systems running in multiple context mode, you can’t failover individual contexts.

Aside from model specific prerequisites, active/standby units have to meet the following:

• Both units must be identical ASAs that are connected to each other through a dedicated failover link and (optionally) a stateful failover link.
• Both units must have the same software configuration and the same license
• Both units must be in the same mode (single or multiple, transparent or routed)

Example configuration
ASA1 Assumptions
Unit: Primary
Failover-Link interfaces: GigabitEthernet0/2
Address (primary -standby): 10.0.0.1/24 – 10.0.0.2/24
Name: FO-Link

ASA2 Assumptions
Unit: Secondary
Failover-Link interfaces: GigabitEthernet0/2
Address (primary -standby): 10.0.0.1/24 – 10.0.0.2/24
Name: FO-Link

Monitor all interfaces (inside, outside)

Configure the Primary Unit (ASA1)
!Don’t forget to enable the interface
interface gig0/2
no shut
!
failover lan unit primary
failover lan interface FO-Link gig0/2
failover link FO-Link gig0/2
failover interface IP FO-Link 10.0.0.1 255.255.255.0 standby 10.0.0.2
!
!monitor the interfaces
monitor-interface inside
monitor-interface outside

Configure the SecondaryUnit (ASA2)
!Don’t forget to enable the interface
interface gig0/2
no shut
!
failover lan unit secondary
failover lan interface FO-Link gig0/2
failover link FO-Link gig0/2
failover interface IP FO-Link 10.0.0.1 255.255.255.0 standby 10.0.0.2

Enable Failover
ASA1 First
failover

ASA2 Next
failover

Forcing Failover
To force the standby unit to become active enter one of the following commands:

failover active
Forces a failover when entered on the standby unit in a failover pair. The standby unit becomes the active unit.

no failover active
Forces a failover when entered on the active unit in a failover pair. The active Unit becomes the standby unit

Monitoring Active/Standby Failover Commands:
show failover – displays information about the failover state of the unit
show monitor-interface – displays info about the monitored interface
show running-config failover – displays the failover commands in the running config