Monday, September 28, 2015

Cisco ASA Redundant Interfaces Lab with verification and testing

The ASA interface, or the switch port connected to it, might fail, causing the ASA interface to go down as well. To keep an ASA interface up and active at all times, you can configure two physical interfaces as a redundant pair. Only one of the interfaces is active at any given time; the other remains in a standby state. The first physical interface added to the logical redundant interface becomes the active interface.


ciscoasa(config)# int redundant 1
ciscoasa(config-if)# member-interface gigabitEthernet 0/2
ERROR: member interface must not have nameif configure.
ciscoasa(config)# int gi0/2
ciscoasa(config-if)# no nameif outside
ciscoasa(config-if)# no ip address
ciscoasa(config-if)# no security-level 0
ciscoasa(config-if)# member-interface gigabitEthernet 0/2
INFO: security-level, IP address and cts manual are cleared on GigabitEthernet0/2.
ciscoasa(config-if)# member-interface gigabitEthernet 0/3
INFO: security-level, IP address and cts manual are cleared on GigabitEthernet0/3.
ciscoasa(config-if)# no shu
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# ip address 192.168.1.254 255.255.255.0
ciscoasa# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
No route to host 8.8.8.8
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 192.168.1.1
ciscoasa(config)# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/100/100 ms

The access-lists and NAT rules that were bound to the outside interface are cleared when the redundant interface is created (the nameif had to be removed from the physical interface first), so PC 192.168.0.10 can no longer ping 8.8.8.8 until they are re-applied:
ciscoasa(config)# nat (inside,outside) source dynamic any interface
Now PC 192.168.0.10 can ping 8.8.8.8.

ciscoasa(config)# sh int redundant 1
Interface Redundant1 "outside", is up, line protocol is up
  Hardware is i82540EM rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        ….
  Redundancy Information:
        Member GigabitEthernet0/2(Active), GigabitEthernet0/3
        Last switchover at 10:57:29 GMT Sep 20 2019

If you shut down int gig0/2 and issue the command again:
ciscoasa(config-if)# sh int redundant 1
Interface Redundant1 "outside", is up, line protocol is up
  Hardware is i82540EM rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        …..
  Redundancy Information:
        Member GigabitEthernet0/3(Active), GigabitEthernet0/2
        Last switchover at 11:19:51 GMT Sep 20 2019

If gig0/2 comes back up on the network, gig0/3 will remain the active member.
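An added example, not part of the original post: a small Python check that parses the "show interface redundant" output shown above and reports when the active member changed or is no longer the expected primary. This matters operationally because, as noted, gig0/3 stays active after gig0/2 returns, so a check that only looks at "is up" would not notice the standby carrying traffic. The two sample outputs are constructed from the post's displays; the expected-primary name is an assumption.

```python
import re
from typing import Any, Dict, Optional

# Constructed samples, trimmed versions of the post's two "sh int redundant 1" outputs
# (before and after Gig0/2 was shut down).
BEFORE = """Interface Redundant1 "outside", is up, line protocol is up
  Hardware is i82540EM rev03, BW 1000 Mbps, DLY 10 usec
  Redundancy Information:
        Member GigabitEthernet0/2(Active), GigabitEthernet0/3
        Last switchover at 10:57:29 GMT Sep 20 2019
"""
AFTER = """Interface Redundant1 "outside", is up, line protocol is up
  Hardware is i82540EM rev03, BW 1000 Mbps, DLY 10 usec
  Redundancy Information:
        Member GigabitEthernet0/3(Active), GigabitEthernet0/2
        Last switchover at 11:19:51 GMT Sep 20 2019
"""

STATUS_RE = re.compile(r'^Interface (\S+) "([^"]*)", is (\w+), line protocol is (\w+)')
MEMBER_RE = re.compile(r'^\s*Member (.+)$')
SWITCH_RE = re.compile(r'^\s*Last switchover at (.+)$')


def parse_redundant(output: str) -> Dict[str, Any]:
    """Extract interface state, member list, active member and last switchover time."""
    info: Dict[str, Any] = {"members": [], "active": None, "last_switchover": None}
    for line in output.splitlines():
        m = STATUS_RE.match(line)
        if m:
            info.update(name=m.group(1), nameif=m.group(2), status=m.group(3), protocol=m.group(4))
            continue
        m = MEMBER_RE.match(line)
        if m:
            # Members are comma separated; the active one carries an "(Active)" suffix.
            for member in (x.strip() for x in m.group(1).split(",")):
                if member.endswith("(Active)"):
                    member = member[: -len("(Active)")]
                    info["active"] = member
                info["members"].append(member)
            continue
        m = SWITCH_RE.match(line)
        if m:
            info["last_switchover"] = m.group(1).strip()
    return info


def switchover_alert(previous: str, current: str, expected_primary: str) -> Optional[str]:
    """Return an alert when the active member changed, or is not the expected primary."""
    old, new = parse_redundant(previous), parse_redundant(current)
    if old["active"] != new["active"]:
        return f"{new['name']}: switchover {old['active']} -> {new['active']} at {new['last_switchover']}"
    if new["active"] != expected_primary:
        return f"{new['name']}: active member {new['active']} is not primary {expected_primary}"
    return None
```

Feed it two successive captures of the command output (for example from a scheduled SSH poll) and forward any non-empty result to your monitoring system.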
