https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015280#M416686 <HTML><HEAD></HEAD><BODY><P>Hello Mikull,</P><P></P><P>For a good desing ( Check the status of all the network interfaces) you do need it as failover is based on the exchange of hello packets between both the primary and secondary boxes.</P><P></P><P><STRONG>Any other question.. Let me know.. Just remember to rate all of my answers.</STRONG></P><P></P><P>Julio</P></BODY></HTML> Wed, 12 Sep 2012 22:24:07 GMT Julio Carvajal 2012-09-12T22:24:07Z https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015278#M416684 <P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">hey folks,</SPAN></P><P></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">I have these two brand spanking 5540's which would be configured in a HA design(Active/Standby)</SPAN></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">The only bugger is this client has no spare IP's which can be used on the inside nor the outside.</SPAN></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">Yes, all I have been given is two IP's(inside and outside)</SPAN></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">I plan to use gig4 for command replication and monitoring</SPAN></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">Yes, the design is such that these two new ASA's would be a second layer of security.</SPAN></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">Now, is it absolutely necessary to have a secondary IP on the inside interface for the failover to occur or just a standby IP on the dedicated management interface is enough for the failover to happen?</SPAN></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">Also, can someone let me know where ASA support interface tracking and punishing the active or standby device to give-up it's active state?</SPAN></P><P></P><P><SPAN style="font-family: calibri,verdana,arial,sans-serif;">thanks.</SPAN></P> Fri, 21 Feb 2020 12:44:11 GMT https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015278#M416684 mikull.kiznozki 2020-02-21T12:44:11Z https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015279#M416685 <HTML><HEAD></HEAD><BODY><P>i mean standby ip and not a secondary ip <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Tue, 11 Sep 2012 05:43:53 GMT https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015279#M416685 mikull.kiznozki 2012-09-11T05:43:53Z https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015280#M416686 <HTML><HEAD></HEAD><BODY><P>Hello Mikull,</P><P></P><P>For a good desing ( Check the status of all the network interfaces) you do need it as failover is based on the exchange of hello packets between both the primary and secondary boxes.</P><P></P><P><STRONG>Any other question.. Let me know.. Just remember to rate all of my answers.</STRONG></P><P></P><P>Julio</P></BODY></HTML> Wed, 12 Sep 2012 22:24:07 GMT https://community.cisco.com/t5/network-security/asa-new-ha-design-limitations/m-p/2015280#M416686 Julio Carvajal 2012-09-12T22:24:07Z