Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1702
Views
0
Helpful
2
Replies

Cisco ASA failover arp issues

davidbuit
Level 1
Level 1

‎01-03-2012 09:08 PM - edited ‎03-11-2019 03:09 PM

Hi,

I am having a problem with address translation on a pair of Cisco ASA firewalls when they failover.

The current setup has 2 x Cisco ASA5520 firewalls configured in active/standby failover. I have address translation configured on the ASA using both the interface address (e.g. 1.1.1.1 for SMTP and WWW) as well as another range of IP's that is being routed to the firewalls (e.g. 2.2.2.0/24 for various ports). When the firewalls failover I can reach SMTP and WWW for the address 1.1.1.1 but the 2.2.2.x addresses aren't available. The upstream layer 3 switches are updating the arp tables for the 1.1.1.1 address but not for the 2.2.2.x range.

Has anyone experienced this problem?  I was thinking of using an asr-group but this only appears to be relevant for active/active failover configuration?

Any assistance is much appreciated.

Labels:
0 Helpful
2 Replies 2

fb_webuser
Level 6
Level 6

‎01-03-2012 09:45 PM

Are the Internet links and outside interfaces of the FWs in one VLAN and the inside side of the ASAs is another VLAN (in case both sides of the FWs are connecting to the same switch). What is the OS version of the ASA?

---

Posted by WebUser Dennis Ariel

0 Helpful

davidbuit
Level 1
Level 1
In response to fb_webuser

‎01-03-2012 09:54 PM

Hi, they are running 8.4(2).

The outside is connected to different switches using the same VLAN and HSRP as the upstream gasteway. The inside is connected to two different switches internally using one VLAN and no routing on the switches.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card