We already built an active/passive failover pair in the previous lab.
Active/active failover uses basically the same configuration as active/passive.
First we need to create virtual contexts, for instance to handle different departments. In this case
we create two virtual contexts named ctx-1 and ctx-2.
ctx-1 = primary on chassis 1 and secondary on chassis 2
ctx-2 = primary on chassis 2 and secondary on chassis 1
We can assume that each context handles a different department or organization in our infrastructure.
Here is the example configuration:
ASA1
============
failover lan unit primary
failover lan interface fail-config GigabitEthernet3
failover link fail-state GigabitEthernet4
failover interface ip fail-config 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover interface ip fail-state 2.2.2.1 255.255.255.252 standby 2.2.2.2
failover group 1
 preempt 120
 primary
failover group 2
 secondary
 preempt 120
no asdm history enable
arp timeout 14400
console timeout 0
!
tls-proxy maximum-session 11000
!
admin-context ctx-1
context ctx-1
 allocate-interface GigabitEthernet0 ctx1_outside
 allocate-interface GigabitEthernet1 ctx1_inside
 config-url disk0:/ctx1.cfg
 join-failover-group 1
!
context ctx-2
 allocate-interface GigabitEthernet0 ctx2_outside
 allocate-interface GigabitEthernet2 ctx2_inside
 config-url disk0:/ctx2.cfg
 join-failover-group 2
!
failover
ASA2
=========
failover lan unit secondary
failover lan interface fail-config GigabitEthernet3
failover link fail-state GigabitEthernet4
failover interface ip fail-config 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover interface ip fail-state 2.2.2.1 255.255.255.252 standby 2.2.2.2
failover group 1
 primary
 preempt 120
failover group 2
 secondary
 preempt 120
no asdm history enable
arp timeout 14400
console timeout 0
!
tls-proxy maximum-session 11000
!
admin-context ctx-1
context ctx-1
 allocate-interface GigabitEthernet0 ctx1_outside
 allocate-interface GigabitEthernet1 ctx1_inside
 config-url disk0:/ctx1.cfg
 join-failover-group 1
!
context ctx-2
 allocate-interface GigabitEthernet0 ctx2_outside
 allocate-interface GigabitEthernet2 ctx2_inside
 config-url disk0:/ctx2.cfg
 join-failover-group 2
!
failover
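
An added example, not part of the original lab: a small Python check that the two system configurations above really form an active/active pair (one primary and one secondary unit, the same failover groups and context membership on both, and contexts split across a primary-preferred and a secondary-preferred group). The embedded config is a constructed one-command-per-line excerpt of the lab's commands, and the function names parse and check_pair are hypothetical.

```python
import re
# Constructed sample: failover-related lines of the ASA1 system config in this lab.
ASA1 = """\
failover lan unit primary
failover group 1
 preempt 120
 primary
failover group 2
 secondary
 preempt 120
context ctx-1
 join-failover-group 1
context ctx-2
 join-failover-group 2
"""
ASA2 = ASA1.replace("lan unit primary", "lan unit secondary")

def parse(cfg):
    # Extract unit role, failover-group preference and context membership.
    out = {"unit": None, "groups": {}, "contexts": {}}
    section = None
    for raw in cfg.splitlines():
        line = raw.strip().lower()          # tolerate "Primary" vs "primary"
        if m := re.fullmatch(r"failover lan unit (primary|secondary)", line):
            out["unit"] = m.group(1)
        elif m := re.fullmatch(r"failover group (\d+)", line):
            section = ("group", m.group(1))
            out["groups"][m.group(1)] = "primary"   # ASA default preference
        elif m := re.fullmatch(r"context (\S+)", line):
            section = ("context", m.group(1))
            out["contexts"][m.group(1)] = "1"       # unassigned contexts join group 1
        elif section and raw[:1].isspace():         # sub-command of the open section
            if section[0] == "group" and line in ("primary", "secondary"):
                out["groups"][section[1]] = line
            elif section[0] == "context" and (m := re.fullmatch(r"join-failover-group (\d+)", line)):
                out["contexts"][section[1]] = m.group(1)
        else:
            section = None
    return out

def check_pair(cfg_a, cfg_b):
    a, b, issues = parse(cfg_a), parse(cfg_b), []
    if {a["unit"], b["unit"]} != {"primary", "secondary"}:
        issues.append("units must be one primary and one secondary")
    if a["groups"] != b["groups"] or a["contexts"] != b["contexts"]:
        issues.append("failover groups or context membership differ between units")
    used = {a["groups"].get(g) for g in a["contexts"].values()}
    if used != {"primary", "secondary"}:
        issues.append("contexts do not split across both units (not active/active)")
    return issues
```

An empty list from check_pair(ASA1, ASA2) means the pair is consistent; each string in a non-empty list names one mismatch to fix before enabling failover.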