For this configuration, I am assuming you already have the Primary ASA configured and working, and that the Secondary ASA interfaces are configured as well.
PRIMARY ASA
1. Set up failover interface on Primary ASA
enable
config t
failover lan unit primary
interface gigabitEthernet 0/3
no shutdown
2. Assign the failover IP Address on Primary Cisco ASA
failover lan interface FAILOVER gigabitethernet0/3
failover interface ip FAILOVER 10.10.10.1 255.255.255.0 standby 10.10.10.2
failover key MYfailKEY
failover link FAILOVER
3. Assign the standby Outside IP Address on Primary Cisco ASA
Since the ASA is already configured with an External IP Address, you will have to add “standby {SECONDARY ASA IP ADDRESS}”
interface gigabitEthernet 0/0
ip address 66.12.100.191 255.255.255.224 standby 66.12.100.192
4. Assign the Internal IP Address on Primary Cisco ASA
Do the same thing here that you did for the External IP Address, adding “standby {SECONDARY ASA IP ADDRESS}”
interface gigabitEthernet 0/1
ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2
5. If necessary, enable monitoring on SubInterfaces on Primary Cisco ASA
By default, monitoring physical interfaces is enabled and monitoring subinterfaces is disabled. You can monitor up to 250 interfaces on a unit. You can control which interfaces affect your failover policy by disabling the monitoring of specific interfaces and enabling the monitoring of others. This lets you exclude interfaces attached to less critical networks from affecting your failover policy.
monitor-interface if_name
You can turn off monitoring the management interface:
no monitor-interface management
6. Enable failover
conf t
failover
7. Verify
show failover
SECONDARY ASA
6. Set up failover interface on Secondary ASA
config t
no failover
failover lan unit secondary
interface gigabitEthernet 0/3
no nameif
no shutdown
failover lan interface FAILOVER gigabitEthernet0/3
7. Assign the failover IP Address on Secondary ASA using FAILOVER
failover interface ip FAILOVER 10.10.10.1 255.255.255.0 standby 10.10.10.2
failover key MYfailKEY
failover link FAILOVER
failover
8. Automatic Configuration Copy from Primary Cisco ASA to Secondary Cisco ASA
All other configurations are automatically copied from the primary Cisco ASA device to the standby Cisco ASA device using the following commands:
config t
interface gigabitEthernet 0/3
no shutdown
9. Verify
show failover
NOTES:
Remember, if you are using Subinterfaces, you have to use the “monitor-interface” command to monitor those interfaces.
If you are using Subinterfaces and VLANs on the primary, make sure the Secondary also has those Subinterfaces and VLANs.
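
An added example, not part of the original post: a small Python audit of a saved ASA configuration that checks the standby addressing from steps 3 and 4, the failover key, and the subinterface monitoring mentioned in the NOTES. The sample configuration is constructed from the commands above plus a hypothetical subinterface (GigabitEthernet0/1.20, nameif dmz); `audit_failover`, `is_host` and the finding strings are names chosen for this example.

```python
import ipaddress
import re

# Constructed sample: commands from the steps above, plus a hypothetical
# subinterface (GigabitEthernet0/1.20, nameif dmz) that has no standby address.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 66.12.100.191 255.255.255.224 standby 66.12.100.192
interface GigabitEthernet0/1
 nameif inside
 ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2
interface GigabitEthernet0/1.20
 vlan 20
 nameif dmz
 ip address 192.168.20.1 255.255.255.0
failover lan interface FAILOVER GigabitEthernet0/3
failover interface ip FAILOVER 10.10.10.1 255.255.255.0 standby 10.10.10.2
failover key MYfailKEY
"""

ADDR = re.compile(r"(?:ip address|failover interface ip \S+) "
                  r"([\d.]+) ([\d.]+)(?: standby ([\d.]+))?")

def is_host(addr, net):
    """True if addr is a usable host address inside net."""
    ip = ipaddress.ip_address(addr)
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def audit_failover(config):
    """Return a list of failover findings for an ASA configuration text."""
    lines = config.splitlines()
    findings, name, is_sub = [], None, False
    monitored = {l.split()[1] for l in lines if l.startswith("monitor-interface ")}
    if not any(l.startswith("failover key ") for l in lines):
        findings.append("failover: no 'failover key' configured")
    for line in lines:
        if line.startswith("interface "):
            name, is_sub = line.split(None, 1)[1], "." in line
        elif line.strip().startswith("nameif "):
            name = line.split()[1]
            if is_sub and name not in monitored:  # subinterfaces are unmonitored by default
                findings.append(f"{name}: subinterface is not monitored")
        m = ADDR.search(line)
        if not m:
            continue
        label = "failover" if line.startswith("failover") else name
        net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        for role, addr in (("active", m[1]), ("standby", m[3])):
            if addr is None:
                findings.append(f"{label}: no standby address")
            elif not is_host(addr, net):
                findings.append(f"{label}: {role} {addr} is not a host address in {net}")
    return findings
```

Run on the sample, it reports that 66.12.100.191 is the broadcast address of 66.12.100.160/27 and that 66.12.100.192 lies outside that subnet, so the outside pair needs two host addresses from the same /27. It also flags the hypothetical dmz subinterface as unmonitored and without a standby address.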