Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1013
Views
0
Helpful
2
Replies

ASA - New HA Design - Limitations

mikull.kiznozki
Level 1
Level 1

‎09-10-2012 09:29 PM - edited ‎02-21-2020 04:44 AM

hey folks,

I have these two brand spanking 5540's which would be configured in a HA design(Active/Standby)

The only bugger is this client has no spare IP's which can be used on the inside nor the outside.

Yes, all I have been given is two IP's(inside and outside)

I plan to use gig4 for command replication and monitoring

Yes, the design is such that these two new ASA's would be a second layer of security.

Now, is it absolutely necessary to have a secondary IP on the inside interface for the failover to occur or just a standby IP on the dedicated management interface is enough for the failover to happen?

Also, can someone let me know where ASA support interface tracking and punishing the active or standby device to give-up it's active state?

thanks.

0 Helpful
2 Replies 2

mikull.kiznozki
Level 1
Level 1

‎09-10-2012 10:43 PM

i mean standby ip and not a secondary ip

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to mikull.kiznozki

‎09-12-2012 03:24 PM

Hello Mikull,

For a good desing ( Check the status of all the network interfaces) you do need it as failover is based on the exchange of hello packets between both the primary and secondary boxes.

Any other question.. Let me know.. Just remember to rate all of my answers.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card