ASA - Clustering

Configuration examples for ASA Clustering

Individual interfaces (L3) Clustering

Master Unit
cluster interface-most indiviual force
!
ip local pool C_MPOOL 10.100.100.201/10.100.100.204 mask 255.255.255.0
ip local pool C_INPOOL 172.16.10.201-172.16.10.204 mask 255.255.255.0
ip local pool C_OUTPOOL 192.168.20.201-192.168.20.204 mask 255.255.255.0
!
int m0/0
 ip address 10.100.100.10 255.255.255.0 cluster-pool C_MPOOL
int g0/1
 ip address 172.16.10.10 255.255.255.0 cluster-pool C_INPOOL
int g0/2
 ip address 192.168.20.10 255.255.255.0 cluster-pool C_OUTPOOL
!
int g0/3
 no shut
!
cluster group CLUSTER
 local-unit ASA1
 priority 1
 cluster-interface g0/3 ip 10.0.0.1 255.255.255.0
 enable
!
prompt hostname context cluster-unit

Slave Unit
cluster interface-mode individual force
!
interface g0/3
 no shut
!
cluster group CLUSTER
 local-unit ASA2
 priority 20
 cluster-interface g0/3 ip 10.0.0.2 255.255.255.0
 enable as-slave

Spanned Etherchannel (L2) Clustering

Master Unit
cluster interface mode spanned force
!
ip local pool C_MPOOL 10.100.100.201-10.100.100.204 mask 255.255.255.0
!
interface m0/0
 ip address 10.100.100.10 255.255.255.0 cluster-pool C_MPOOL
!
!
int g0/0
 channel-group 10 mode active
 no shut
inter g0/1
 channel-group 10 mode active
 no shut
interface port-channel 10
 port-cahnnel span-cluster
 ip address 172.16.10.10 255.255.255.0
 nameif OUTSIDE
 security-level 0
 no shut
!
!
int g0/2
 channel-group 20 mode active
 no shut
int g0/3
 channel-group 20 mode active
 no shut
interface port-channel 20
 port-cahnnel span-cluster
 ip address 192.168.20.10 255.255.255.0
 nameif INSIDE
 security-level 100
 no shut
!
!
interface g0/4
 no shut
!
cluster group CLUSTER
 local-unit ASA01
 cluster-interface g0/4 ip 10.0.0.1 255.255.255.0
 priority 1
 enable
!
port-channel load-balance src-dst-ip

Slave Unit
cluster interface mode spanned
!
interface g0/4
 no shut
!
cluster group CLUSTER
 local-unit ASA02
 cluster-interface g0/4 ip 10.0.0.2 255.255.255.0
 priority 20
 enable as-slave