Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
575
Views
0
Helpful
1
Replies

cisco ASA active/standby failover configration

darkdesire.cisco
Level 1
Level 1

‎01-29-2015 10:00 PM - edited ‎03-11-2019 10:25 PM

HI Guys,

I have attached my network design. we have 2 DC( Active/stnaby) and both having different subnets.

 

I have concern about  failover and interface configuration. as these are in the different subnet what should be the interface IP address?

 

can you please review the diagram and provide me your inputs..I have taken 10.1.1.0/24 for primary Firewall and 10.1.2.0/24 for standby firewall. 

these subnet should be of inside interfaces.

For outside we can take 20.1.1.0/24 and 20.1.2.0/24.

 

 

Thanks for inputs. 

Labels:
Preview file
139 KB
0 Helpful
1 Reply 1

joe19366
Level 1
Level 1

‎01-30-2015 10:26 PM

that is not a valid active/standby design.

 

all firewall MUST be in the same subnet.

 

"failover" is a layer2 protocol and designed to monitor interfaces on peer firewalls in the SAME SUBNETS ONLY.

 

I suggest you read this 

 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_failover.html#pgfId-1077543

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card