Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
1
Replies

Cisco ASA back-to-back Redundant interface

handsy
Level 1
Level 1

‎06-12-2015 06:43 AM - edited ‎03-11-2019 11:06 PM

Hi all,

This is probably not a specific firewall issue but as it happened on my firewalls I thought I'd post here.

I have 2 ASA5555-X firewalls back-to-back connected via a redundant pair of GigE CAT5 cables. I've configured both firewalls with a redundant interface, with both GigE ports as members on each.

I rebooted one of the firewalls this afternoon but couldn't reach it afterwards.

After a lot of head scratching I decided to shutdown one of the interfaces in the Redundant pair on the 'up' firewall. I did this to force the active interface to move. Lo and behold this fixed the issue, as it now must have connected to the active interface on the 'down' firewall.

Is there no intelligence in redundant interfaces to check which physical interface is active on the other side of the connection before deciding which one should be active on itself??

This seems stupid to me.

 

Any thoughts appreciated

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎06-13-2015 10:35 PM

Hi,

First question , I hope you have a switch connected in between the ASA devices for the Redundant interfaces ?

That is a requirement. No , There is no mechanism where the ASA redundant interface would check which interface is active on the other end. It works using the logical interface name and the state depends on the link showing up or down.

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card