In order to sucessfully configure Active/Active failover on 2 ASAs
requires that you run multiple contexts on each device. If you do not
have multiple contexts the default is Active/Standby (which appears to
be what you are seeing).

Cisco has a nice write up of how to setup Active/Active on their website
check out


I'm attempting to create an Active-Active failover configuration on a
pair of ASA 5550s.

Problem is, when I try clustering them up, I see the unconfigured
secondary come up and take over the cluster, replacing the ruleset on
the primary with the basic clustering setup config of the secondary

Basic config is 10.x.y.z /28 as internal, 10.x.y.a/240 as external, with
the State failovers on /24 and LAN Failovers as /24

Failovers are cabled with crossovers. and the int and ext addresses as
on the switch.

Any suggestions ???? Any idea what I'm doing wrong ??


