Cisco ASA 1000V ASDM Configuration Guide, 6.7
Using the High Availability and Scalability Wizard
Downloads: This chapterpdf (PDF - 113.0KB) The complete bookPDF (PDF - 11.09MB) | Feedback

Using the High Availability and Scalability Wizard

Table Of Contents

Using the High Availability and Scalability Wizard

Information About the High Availability and Scalability Wizard

Prerequisites for the High Availability and Scalability Wizard

Configuring Failover with the High Availability and Scalability Wizard

Accessing the High Availability and Scalability Wizard

Configuring Active/Standby Failover with the High Availability and Scalability Wizard

High Availability and Scalability Wizard Screens

Configuration Type

Failover Peer Connectivity and Compatibility Check

Failover Link Configuration

State Link Configuration

Standby Address Configuration

Summary

Feature History for the High Availability and Scalability Wizard


Using the High Availability and Scalability Wizard


The High Availability and Scalability Wizard guides you through configuring failover with high availability. This chapter includes the following sections:

Information About the High Availability and Scalability Wizard

Prerequisites for the High Availability and Scalability Wizard

Configuring Failover with the High Availability and Scalability Wizard

Feature History for the High Availability and Scalability Wizard

Information About the High Availability and Scalability Wizard

For more information about failover, see Chapter 7 "Configuring Active/Standby Failover."

Prerequisites for the High Availability and Scalability Wizard

To complete the High Availability and Scalability Wizard, make sure that you have the following information available:

LAN failover settings and stateful failover settings, including the following:

Interface name

Active IP address of the primary unit and secondary unit

Subnet mask of the primary unit and secondary unit

Logical name

Role (either primary or secondary)

A 32-character shared key in hexadecimal format (optional) for encrypted communicatoin on the failover link

Configuring Failover with the High Availability and Scalability Wizard

This section explains how to use the wizard and contains the following topics:

Accessing the High Availability and Scalability Wizard

Configuring Active/Standby Failover with the High Availability and Scalability Wizard

High Availability and Scalability Wizard Screens

Accessing the High Availability and Scalability Wizard

From the ASDM main application window, access the High Availability and Scalability Wizard by choosing one of the following:

Wizards > High Availability and Scalability Wizard

Configuration > Device Management > High Availability > HA/Scalability Wizard, and then click Launch High Availability and Scalability Wizard.

To move to the next screen of the wizard, click Next. You must complete the required fields of each screen before you may proceed to the next one.

To return to a previous screen of the wizard, click Back. If settings added in later screens of the wizard are not affected by the changes that you made to an earlier screen, that information remains on the screen as you proceed through the wizard again. You do not need to reenter it.

To leave the wizard at any time without saving any changes, click Cancel.

To send configuration settings to the ASA 1000V in the Summary screen of the wizard, click Finish.

To obtain additional online information, click Help.

Configuring Active/Standby Failover with the High Availability and Scalability Wizard

The following procedure provides a high-level overview for configuring Active/Standby failover using the High Availability and Scalability Wizard. Each step in the procedure corresponds to a wizard screen. Click Next after completing each step, except for the last one, before proceeding to the next step. Each step also includes a reference to additional information that you may need to complete the step.


Step 1 In the Configuration Type screen, click Configure Active/Standby failover.

See Configuration Type for more information about this screen.

Step 2 Enter the IP address of the failover peer on the Failover Peer Connectivity and Compatibility Check screen. Click Test Compatibility. You cannot move to the next screen until all compatibility tests have been passed.

See Failover Peer Connectivity and Compatibility Check for more information about this screen.

Step 3 Define the Failover Link in the Failover Link Configuration screen.

See Failover Link Configuration for more information about this screen.

Step 4 Define the Stateful Failover link in the State Link Configuration screen.

See State Link Configuration for more information about this screen.

Step 5 Add standby addresses to the ASA 1000V interfaces in the Standby Address Configuration screen.

See Standby Address Configuration for more information about this screen.

Step 6 Review your configuration in the Summary screen. If necessary, click Back to go to a previous screen and make changes.

See Summary for more information about this screen.

Step 7 Click Finish.

The failover configuration is sent to the ASA 1000V and to the failover peer.


High Availability and Scalability Wizard Screens

The High Availability and Scalability Wizard guides you through a step-by-step process of creating an Active/Standby failover configuration.

As you go through the wizard, screens appear according to the type of failover that you are configuring and the hardware platform that you are using.

This section includes the following topics:

Configuration Type

Failover Peer Connectivity and Compatibility Check

Failover Link Configuration

State Link Configuration

Standby Address Configuration

Summary

Configuration Type

The Configuration Type screen lets you select the type of failover configuration. The Firewall Software Profile area shows the following display-only information:

Number of interfaces available on the ASA 1000V.

Version of the platform software on the ASA 1000V.

Failover Peer Connectivity and Compatibility Check

The Failover Peer Connectivity and Compatibility Check screen lets you verify that the selected failover peer is reachable and compatible with the current unit. If any of the connectivity and compatibility tests fail, you must correct the problem before you can proceed with the wizard.

To check failover peer connectivity and compatibility, perform the following steps:


Step 1 Enter the IP address of the peer unit. This address does not have to be the failover link address, but it must be an interface that has ASDM access enabled on it.

Step 2 Click Next to perform the following connectivity and compatibility tests:

Connectivity test from this ASDM to the peer ASA 1000V

Connectivity test from this firewall device to the peer firewall device

Software version compatibility


Failover Link Configuration

The Failover Link Configuration screen appears only if you are configuring LAN-based failover.

To configure LAN-based failover, perform the following steps:


Step 1 Choose the LAN interface to use for failover communication from the drop-down list.

Step 2 Enter a name for the interface.

Step 3 Enter the IP address used for the failover link on the ASA 1000V that has failover group 1 in the active state.

Step 4 Enter the IP address used for the failover link on the ASA 1000V that has failover group 1 in the standby state.

Step 5 Enter or choose a subnet mask for the Active IP and Standby IP addresses.

Step 6 (Optional) Enter the secret key used to encrypt failover communication. If you leave this field blank, failover communication, including any passwords or keys in the configuration that are sent during command replication, will be in clear text.


State Link Configuration

The State Link Configuration screen lets you enable and disable Stateful Failover, and configure Stateful Failover link properties.

To enable Stateful Failover, perform the following steps:


Step 1 To pass state information across the LAN-based failover link, click Use the LAN link as the State Link.

Step 2 To disable Stateful Failover, click Disable Stateful Failover.

Step 3 To configure an unused interface as the Stateful Failover interface, click Configure another interface for Stateful failover.

Step 4 Choose the interface to use for Stateful Failover communication from the drop-down list.

Step 5 Enter the name for the Stateful Failover interface.

Step 6 Enter the IP address for the Stateful Failover link on the ASA 1000V that has failover group 1 in the active state.

Step 7 Enter the IP address for the Stateful Failover link on the ASA 1000V that has failover group 1 in the standby state.

Step 8 Enter or choose a subnet mask for the Active IP and Standby IP addresses.


Standby Address Configuration

Use the Standby Address Configuration screen to assign standby IP addresses to the interface on the ASA 1000V. The interfaces currently configured on the failover devices appear.

To assign standby IP addresses to the interface on the ASA 1000V, perform the following steps:


Step 1 Click the plus sign (+) by a device name to display the interfaces on that device. Click the minus sign (-) by a device name to hide the interfaces on that device.

Step 2 Click the plus sign (+) by a device to expand the list. Click the minus sign (-) by a device to collapse the list.

Step 3 Double-click the Active IP field to edit or add an active IP address. Changes to this field also appear in the Standby IP field for the corresponding interface on the failover peer ASA 1000V.

Step 4 Double-click the Standby IP field to edit or add a standby IP address. Changes to this field also appear in the Active IP field for the corresponding interface on the failover peer ASA 1000V.

Step 5 Check the Is Monitored check box to enable health monitoring for that interface. Uncheck the check box to disable health monitoring. By default, health monitoring of physical interfaces is enabled, and health monitoring of virtual interfaces is disabled.

Step 6 Choose the asynchronous group ID from the drop-down list. This setting is only available for physical interfaces. For virtual interfaces, this field displays "None."


Summary

The Summary screen displays the results of the configuration steps that you performed in the previous wizard screens.

Verify your settings and click Finish to send your configuration to the device. If you are configuring failover, the configuration is also sent to the failover peer. If you need to change a setting, click Back to return to the screen that you want to change. Make the change, and click Next until you return to the Summary screen.

Feature History for the High Availability and Scalability Wizard

Table 6-1lists each feature change and the platform release in which it was implemented. ASDM is backwards-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.

Table 6-1 Feature History for the High Availability and Scalability Wizard

Feature Name
Platform Releases
Feature Information

High Availability and Scalability Wizard

8.7(1)

VPN load balancing is not supported.