Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1521
Views
0
Helpful
4
Replies

ASA 5525 failover

Go to solution
Maurice Ball
Level 3
Level 3

‎02-13-2013 09:00 AM - edited ‎03-11-2019 06:00 PM

I need to setup an ASA 5525 in Active/Standby failover mode. I am setting up the ASA for a company that purchased only one public IP address. The public IP address is assigned to the outside interface. My question is will failover work correctly if I don't use a secondary IP address on the failover configuration on the outside interface?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Maurice Ball

‎02-14-2013 09:09 PM

Yes, it monitors the interface using the interface IP Address and when it detects no link on that interface, it will declare that the peer is down. If you don't have an ip address on the standby unit, it won't be able to check that it is UP to start with, hence won't be monitored or it will always declare that its peer is down.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-14-2013 06:12 AM

You can still configure failover and monitor other interfaces but the outside interface since there is no ip address assigned as the secondary failover IP.

However if the outside interface fail, it will not be detected by the ASA failover feature.

0 Helpful

Go to solution
Maurice Ball
Level 3
Level 3
In response to Jennifer Halim

‎02-14-2013 12:14 PM

Are you saying even if I disconnect the ethernet cable that is connected to the primary ASA outside interface, the primary ASA still will not failover to the secondary ASA because I did not have a secondary IP address on the outside interface?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to Maurice Ball

‎02-14-2013 09:09 PM

Yes, it monitors the interface using the interface IP Address and when it detects no link on that interface, it will declare that the peer is down. If you don't have an ip address on the standby unit, it won't be able to check that it is UP to start with, hence won't be monitored or it will always declare that its peer is down.

0 Helpful

Go to solution
Maurice Ball
Level 3
Level 3
In response to Jennifer Halim

‎02-19-2013 07:52 AM

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card