cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


251
Views
15
Helpful
3
Replies
Engager

Standby IP for Active-Standby Context Firewall

hi,

i'm going to migrate a standalone ASA5520 Context FW to a ASA5525-x HA.

my question is, can i configure the ASA5525-X context with just a single 'outside' IP? this is due to broken or discontiguous IP assignment.

will failover work to the secondary 5525-X FW even without the standby outside IP?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: Standby IP for Active-Standby Context Firewall

You don't need to get two IP address to make HA work.

# interface gi0/0
# nameif inside
# ip address <primary ip> standby <secondary ip>

The primary ASA always use the primary IP address, when it fail-over to another ASA, it will pick up the primary IP.

The secondary IP is for you to access the standby unit, have no special function on control plane / data plane.

 

That's mean, the following configuration should also work well.

 

# interface gi0/0
# nameif inside
# ip address <primary ip>

3 REPLIES 3
Highlighted
Beginner

Re: Standby IP for Active-Standby Context Firewall

You don't need to get two IP address to make HA work.

# interface gi0/0
# nameif inside
# ip address <primary ip> standby <secondary ip>

The primary ASA always use the primary IP address, when it fail-over to another ASA, it will pick up the primary IP.

The secondary IP is for you to access the standby unit, have no special function on control plane / data plane.

 

That's mean, the following configuration should also work well.

 

# interface gi0/0
# nameif inside
# ip address <primary ip>

VIP Advisor

Re: Standby IP for Active-Standby Context Firewall

Yes it will work, I tested this couple of times
Beginner

Re: Standby IP for Active-Standby Context Firewall

I did testing just now, that should work like others said. i gives warning but everything should be fine.


 

Please rate comments and support
with regards,
Venkat