Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
1
Replies

ASA failover active/standby inside and outside configuration

Justin Pascal
Level 1
Level 1

‎08-15-2012 02:16 PM - edited ‎03-11-2019 04:42 PM

Hi all,

Im following this document:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbas

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html#wp1097252

the scenario I have is the following:

Cisco VCS -inside- ASA-a -outside- Cisco VCS-E

                  1.1.1.1         2.2.2.1  

I'm planning to configure active/standby with failover link crossover cable.

If I add a second ASA

It will be linke this:

                  1.1.1.2 ASA-b 2.2.2.2

                                |

                                | 10.10.10.2 (stateful link)

                                |

                                | 10.10.10.1

Cisco VCS -inside- ASA-a -outside- Cisco VCS-E

                  1.1.1.1         2.2.2.1

From document it only uses the outside interface.

[Question]

Do i need to specify my internal IP address to do failover as well?

From DOC:

In this example, the outside interface of the primary PIX is configured this way

hostname(config-if)#ip address 172.16.1.1 255.255.0.0 standby 172.16.1.2

Here, 172.16.1.1 is used for the primary unit outside interface IP address, and 172.16.1.2 assigns to the secondary (standby) unit outside interface.

Thanks

Labels:
0 Helpful
1 Reply 1

rleivaoc
Cisco Employee
Cisco Employee

‎08-15-2012 02:54 PM

By default, all interfaces are monitored. Which menas all enabled interfaces need an standby IP address. I hope this helps.

Rafael

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card