In order to sucessfully configure Active/Active failover on 2 ASAs
requires that you run multiple contexts on each device. If you do not
have multiple contexts the default is Active/Standby (which appears to
be what you are seeing).

Cisco has a nice write up of how to setup Active/Active on their website
check out


-----Original Message-----
[] On Behalf Of
Keith A. Glass
Sent: Friday, November 16, 2007 8:42 AM
Subject: [fw-wiz] Active-Active Single-context Failover on an ASA 5550

I'm attempting to create an Active-Active failover configuration on a
pair of ASA 5550s.

Problem is, when I try clustering them up, I see the unconfigured
secondary come up and take over the cluster, replacing the ruleset on
the primary with the basic clustering setup config of the secondary

Basic config is 10.x.y.z /28 as internal, 10.x.y.a/240 as external, with
the State failovers on /24 and LAN Failovers as /24

Failovers are cabled with crossovers. and the int and ext addresses as
on the switch.

Any suggestions ???? Any idea what I'm doing wrong ??


firewall-wizards mailing list
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged.
If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
firewall-wizards mailing list