Tuesday, January 11, 2011

ASA - Active/Standby with IPSec

With a pair of ASA appliances, you can configure an active/standby pair with full IPSec support, including remote access VPN failover.

Configure the active unit first. Specify a standby (failover) address on each interface, and don't forget to include the "management-only" interface! This is crucial for remote access VPN connections to fail over (it took me a while to finally solve this issue, and it is not documented anywhere!)

! Every interface with a nameif gets a standby address for the peer unit
interface GigabitEthernet 0/1
 nameif inside
 ip address 10.35.0.1 255.255.255.0 standby 10.35.0.2
!
! Failover configuration on the primary (active) unit
failover lan unit primary
failover lan interface failcheck GigabitEthernet1/0
failover key *****
failover replication http
! The stateful failover link here shares the same interface as the LAN failover interface
failover link failcheck GigabitEthernet1/0
failover interface ip failcheck 10.10.10.1 255.255.255.0 standby 10.10.10.2
! The bare "failover" command is what actually enables failover
failover

If you wish, you can dedicate a separate interface as the failover "link" for stateful failover; it will need its own IP addressing, of course.

On the standby (backup) appliance, you need only configure the failover interface(s) and their addressing, then enable failover.
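A quick pre-flight check for the point made above, written for this post and not taken from Cisco or the original article: it parses a saved ASA configuration, reports every interface that carries a nameif but no standby address (the management-only interface being the one that is easy to miss), and confirms the bare "failover" command is present. The sample configuration and the interface name Management0/0 are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample config modelled on the post: the inside interface has a
# standby address, the management-only interface does not.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.35.0.1 255.255.255.0 standby 10.35.0.2
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
failover lan unit primary
failover lan interface failcheck GigabitEthernet1/0
failover link failcheck GigabitEthernet1/0
failover interface ip failcheck 10.10.10.1 255.255.255.0 standby 10.10.10.2
failover
"""


def parse_interfaces(config: str) -> Dict[str, Dict[str, Optional[object]]]:
    """Collect nameif, management-only flag and standby address per interface.

    ASA 'show running-config' output indents interface sub-commands with a
    space; any non-indented line ends the current interface block.
    """
    interfaces: Dict[str, Dict[str, Optional[object]]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = {"nameif": None, "mgmt_only": False, "standby": None}
        elif raw.startswith(" ") and current is not None:
            line = raw.strip()
            if line.startswith("nameif "):
                interfaces[current]["nameif"] = line.split()[1]
            elif line == "management-only":
                interfaces[current]["mgmt_only"] = True
            elif line.startswith("ip address "):
                match = re.search(r"standby (\S+)", line)
                interfaces[current]["standby"] = match.group(1) if match else None
        else:
            current = None  # left the interface block
    return interfaces


def missing_standby(config: str) -> List[str]:
    """Interfaces that are named (nameif) but carry no standby address."""
    return [name for name, info in parse_interfaces(config).items()
            if info["nameif"] and info["standby"] is None]


def failover_enabled(config: str) -> bool:
    """True only if the bare 'failover' line, not just 'failover ...', is present."""
    return any(raw.strip() == "failover" for raw in config.splitlines())
```

Run missing_standby() over your own running configuration before testing VPN failover; an empty list means every named interface, management-only included, has a standby address.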
