Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5618
Views
1
Helpful
2
Replies

ASA Active/Standby - ip address

Go to solution
rutvijbrahmbhatt
Level 1
Level 1

‎05-13-2020 05:55 PM

Hi,

 

I would like to understand following:

I have two ASAs in Active/Standby mode. The interface configuration has following config:

ip address 172.22.8.178 255.255.255.248 standby 172.22.8.179

 

1. How does standby IP address thing work when the configuration is synced between two ASA??

2. When primary asa fails, secondary asa will take the role of 172.22.8.178 IP, then what is the meaning of having 172.22.8.179?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎05-14-2020 08:47 AM

Part of the original post asked how the addressing works in a failover event. I think it is helpful to begin by reviewing some terminology. The terms are primary/secondary and active/standby. When you configure the ASAs you identify one as primary and the other as secondary. The primary will use address 172.22.8.178 while the secondary uses 172.22.8.179. When the ASAs are put into service the primary becomes active while the secondary becomes standby. And the ASAs use their assigned addresses. 

 

Then some problem impacts the active ASA. Perhaps it loses power or perhaps its outside interface goes down. This causes a failover event. In the failover event the ASA that has been standby becomes the active ASA and takes 172.22.8.178 as it's address, which allows traffic to continue to flow without any interruption. While the first ASA is down no one uses 172.22.8.179. And when the first ASA comes back into service it becomes the standby ASA and uses address 172.22.8.179. 

HTH

Rick

View solution in original post

2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-14-2020 03:21 AM

Hello @rutvijbrahmbhatt ,

giving an IP address also to the standby unit allows to configure interface monitoring for both units.

This monitoring can be used to decide a failover for example.

 

To see what interfaces are monitored, if any, look at the output of show failover

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎05-14-2020 08:47 AM

Part of the original post asked how the addressing works in a failover event. I think it is helpful to begin by reviewing some terminology. The terms are primary/secondary and active/standby. When you configure the ASAs you identify one as primary and the other as secondary. The primary will use address 172.22.8.178 while the secondary uses 172.22.8.179. When the ASAs are put into service the primary becomes active while the secondary becomes standby. And the ASAs use their assigned addresses. 

 

Then some problem impacts the active ASA. Perhaps it loses power or perhaps its outside interface goes down. This causes a failover event. In the failover event the ASA that has been standby becomes the active ASA and takes 172.22.8.178 as it's address, which allows traffic to continue to flow without any interruption. While the first ASA is down no one uses 172.22.8.179. And when the first ASA comes back into service it becomes the standby ASA and uses address 172.22.8.179. 

HTH

Rick
Customers Also Viewed These Support Documents