08-17-2018 01:43 PM - edited 02-21-2020 08:07 AM
Hello Everyone,
I am configuring two ASAs in failover mode but there is a constraint. We only have one public IP. Will it be possible to configure the same WAN IP on both primary and secondary ASAs?
If the primary ASA fails, I plan on just moving the ISP cable over to the secondary. I know this is not ideal but I have to work with this for now.
I tried to add the IP on the secondary ASA but it does not show in the "show interfaces ip brief".
It does show under the show run int.
Thank you,
08-17-2018 02:44 PM
In situations like these, you connect both ASA outside interfaces and the ISP-router to a switch. The outside-interface is configured without a standby-address. Failover will still work in this scenario.
08-22-2018 06:43 AM
Hello Karsten,
If I don't put a standby IP on the primary ASA, the secondary doesn't get an IP on its outside interface. My question is: How is the secondary ASA going to know to forward traffic out to the internet without an IP address on its outside interface?
Thank you,
08-23-2018 02:01 AM
The standby IP is only for sending monitoring-packets between the two ASAs. If the active unit fails, the standby unit will take over the configured IP-address and use it. Configuring it this way is a common situation when the ISP only assigns a /30 to the customer but the ASA has to operate in HA-mode.
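
A configuration sketch of the setup described in the replies above, added here as an illustration and not taken from any poster in this thread. The interface names, the failover link name FOLINK, and all addresses (documentation and private ranges) are assumptions.

```cisco
! Constructed example for the primary unit. All names and addresses are placeholders.
!
! Outside: the single public address, with no "standby" keyword.
! Both outside interfaces and the ISP router are patched into the same switch.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
! Inside: enough address space for a standby address, so the units
! can exchange monitoring packets on this interface.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
! Dedicated failover link between the two units.
interface GigabitEthernet0/2
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover link FOLINK GigabitEthernet0/2
failover
!
! On the secondary unit only the failover bootstrap is entered by hand:
!   failover lan unit secondary
!   failover lan interface FOLINK GigabitEthernet0/2
!   failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
!   failover
! The interface configuration is then replicated from the active unit,
! and whichever unit is active answers on 203.0.113.2.
```

`show failover` on either unit reports which one is currently active and the state of each interface.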