09-03-2018 03:22 AM - edited 02-21-2020 08:11 AM
Hello,
In ASA failover all interfaces whether they are monitored or not (using no monitor-interface)
will switch their ip addresses when failover occurs or via 'failover active "command.
my question is :
Is there any possible way by which we can fix the mgmt ips' not to switch upon failover trigger
I feel mgmt ip should be fixed, no matter failover occurs or not. Its the primary identity attribute of the device to access it so it shouldn't swapable .
----------------------------------------------------------------
This host: Secondary - Standby Ready
Active time: 3 (sec)
Interface outside (20.1.1.2): Normal (Monitored)
Interface inside (10.1.11.2): Normal (Monitored)
Interface mgmt (150.1.7.54): Normal (Not-Monitored)
Other host: Primary - Active
Active time: 45 (sec)
Interface outside (20.1.1.1): Normal (Monitored)
Interface inside (10.1.11.1): Normal (Monitored)
Interface mgmt (150.1.7.53): Normal (Not-Monitored)
Thanks in advance
09-03-2018 12:47 PM
Hopefully this information help you to understand Failover triggers
09-03-2018 04:49 PM
Hi,
There is no way to configure this on the ASA. This is one weakness with the ASA. Hope Cisco can fix this. There should be certain configuration info (like device name, management address) that is not replicated across. I should be able to name my firewalls DC1-Firewall and DC2-Firewall, and during failover, i should be able to tell which datacentre firewall is active
Thanks
John
09-03-2018 06:59 PM
If you configure the management interface separately on each member of the pair (i.e. don't use the standby parameter when setting up the management interface ip addresses), it should not swap when failover occurs.
Additionally you can change the device prompt to include the state (active or standby).
09-03-2018 10:09 PM
08-24-2020 07:18 AM
I confirm it works, untill you reload.
Did you test a reload on both units ?
I'm using version 9.12
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide