Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
0
Helpful
2
Replies

ASA Active / Standby failover - addressing query?

Go to solution
jason.scott
Level 1
Level 1

‎04-05-2007 02:57 AM - edited ‎03-11-2019 02:56 AM

In an active / standby failover setup how do the firewalls present the inside/outside addresses?

In a one device setup you would obviously have one inside address and one outside address. In a two device setup do the devices share the inside and outside address in some fashion akin to HSRP?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sebastan_bach
Level 4
Level 4

‎04-05-2007 03:14 AM

hi there is no concept of hsrp out here or virtual ip address.

in failover the primary pix or asa is configured with their inside and outside interfaces. now the the ip address of the other asa has to be in the same subnet as the primary pix but not the same ip address.

the users on the inside will set their default-gateway as the inside ip address of the pix. when the primary goes down. the standy pix takes over the ip address and mac-address of the primary pix.and the primary pix takes over the mac-address and ip address of the standby pix.

example:

primary pix

inside address 10.1.1.1/24

then inside address of secondary pix 10.1.1.2/24

similarly for outside and failover interfaces.

hope this helps.

regards

sebastan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
sebastan_bach
Level 4
Level 4

‎04-05-2007 03:14 AM

hi there is no concept of hsrp out here or virtual ip address.

in failover the primary pix or asa is configured with their inside and outside interfaces. now the the ip address of the other asa has to be in the same subnet as the primary pix but not the same ip address.

the users on the inside will set their default-gateway as the inside ip address of the pix. when the primary goes down. the standy pix takes over the ip address and mac-address of the primary pix.and the primary pix takes over the mac-address and ip address of the standby pix.

example:

primary pix

inside address 10.1.1.1/24

then inside address of secondary pix 10.1.1.2/24

similarly for outside and failover interfaces.

hope this helps.

regards

sebastan

0 Helpful

Go to solution
jason.scott
Level 1
Level 1
In response to sebastan_bach

‎04-05-2007 03:32 AM

Ah, that explains it perfectly, thank you Sebastan. I do find a lot of the documentation to be a little obscure sometimes! :)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card