49-6
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 49 Configuring Failover
Basic Failover Configuration
• Additional Steps for an Active/Standby Failover Configuration, page 49-9
• Failover Policies, page 49-10
Step 1 Ensure Device View is your present application view; if necessary, click the Device View button on the
toolbar.
Note: For more information on using the Device View to configure device policies, see Managing
Policies in Device View and the Site-to-Site VPN Manager, page 5-28.
Step 2 Select the appliance you want to configure.
Step 3 Expand the Platform entry in the Device Policy selector, then expand Device Admin and select
Failover.
The Failover page is displayed.
Step 4 (PIX only) Choose the Failover Method: Serial Cable or LAN Based. If you choose Serial Cable, the
LAN Failover settings are disabled; be sure the cable connecting the two devices is in place.
Step 5 Select Enable Failover to enable failover on this appliance.
Step 6 (Optional) Click the Settings button to open the Settings dialog box for the selected device. The contents
of the Settings dialog box depend on the type of device and on whether it is operating in single or multiple
mode; some options may not be available. Refer to the following sections:
• Settings Dialog Box, page 49-20 (ASA/PIX 7+)
• Advanced Settings Dialog Box, page 49-15 (FWSM)
Step 7 Click the Bootstrap button to open the Bootstrap configuration for LAN failover dialog box, which
provides bootstrap configurations that can be applied to the primary and secondary devices in a LAN
failover configuration. See Bootstrap Configuration for LAN Failover Dialog Box, page 49-26 for more
information.
Step 8 (Multiple-context devices only) In the Configuration section, select the failover mode: Active/Active or
Active/Standby.
Step 9 (Optional) Follow these steps to configure an interface for LAN Failover communications between the
two devices:
a. Assign a device Interface for LAN-based communications, and then press the Tab key on your
keyboard to update the page.
On PIX and ASA devices, this drop-down list displays the interfaces defined on the device. You can
type in a port ID (e.g., gigabitethernet1), or you can choose the port if you have already defined the
interface.
On an FWSM, the Interface list is not populated with VLAN IDs; you must enter the numeric ID of
the VLAN you wish to use.
Note: In both cases, this cannot be a Named interface, nor can the interface be configured for
PPPoE.
b. Provide a Logical Name for this failover interface.
c. Enter the Active IP address for failover communications.
d. Enter a Standby IP address for failover communications. The Standby IP address is used on the
security appliance that is currently the standby unit.
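
The constraints in steps 9a through 9d can be checked before the values are entered. The script below is an added example, not part of this guide or of Security Manager. The function name, the interface inventory, and the netmask parameter are hypothetical, and it assumes the active and standby addresses must share one subnet.

```python
import ipaddress

# Constructed inventory (hypothetical): interface -> settings already on the device.
SAMPLE_INTERFACES = {
    "gigabitethernet0": {"nameif": "outside", "pppoe": False},
    "gigabitethernet1": {"nameif": None, "pppoe": False},
    "gigabitethernet2": {"nameif": None, "pppoe": True},
}

def check_failover_link(platform, interface, active_ip, standby_ip, netmask,
                        inventory=SAMPLE_INTERFACES):
    """Return a list of problems with the step 9 values (empty list = pass)."""
    problems = []
    key = interface.strip().lower()
    # Step 9a: on an FWSM the field takes a numeric VLAN ID, not a port name.
    if platform.upper() == "FWSM" and not key.isdigit():
        problems.append("FWSM requires a numeric VLAN ID")
    # Note under 9a: not a named interface, and not configured for PPPoE.
    attrs = inventory.get(key, {})
    if attrs.get("nameif"):
        problems.append(f"{interface} is a named interface ({attrs['nameif']})")
    if attrs.get("pppoe"):
        problems.append(f"{interface} is configured for PPPoE")
    # Steps 9c/9d: parse both addresses; the mask is an assumed extra input.
    try:
        active = ipaddress.IPv4Address(active_ip)
        standby = ipaddress.IPv4Address(standby_ip)
        net = ipaddress.IPv4Network(f"{active_ip}/{netmask}", strict=False)
    except ValueError as exc:
        return problems + [f"invalid address or mask: {exc}"]
    if active == standby:
        problems.append("active and standby IP addresses are identical")
    # Assumption: both ends of the failover link sit in the same subnet.
    if standby not in net:
        problems.append(f"standby IP {standby} is outside {net}")
    # Network and broadcast addresses are not usable host addresses.
    if net.prefixlen < 31:
        for label, addr in (("active", active), ("standby", standby)):
            if addr in (net.network_address, net.broadcast_address):
                problems.append(f"{label} IP {addr} is not a usable host address")
    return problems
```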