Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
10110
Views
8
Helpful
3
Comments

Changing the Fail-over interface IP address on the ASA Active/Standby Fail-over

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎04-15-2014 05:27 PM - edited ‎08-28-2017 11:14 PM

     

     

    Introduction

    It might be required that due to IP address shortage or IP address overlap in the Internal Network , we might need to change the Fail-over interface IP addresses.

    Example

    For ex:- We see this error on the ASA device while trying to configure the ASA device and the Fail-over IP are overlapping.

    WARNING: 192.168.0.0-192.168.255.255 overlaps with failover interface address. The failover units may become active

    This is the Fail-over configuration causing this error:-

    failover
failover lan unit primary
failover lan interface FAIL GigabitEthernet0/5
failover link STATE GigabitEthernet0/4
failover interface ip FAIL 192.168.201.1 255.255.255.252 standby 192.168.201.2
failover interface ip STATE 192.168.202.1 255.255.255.252 standby 192.168.202.2

    To change the IP address on the Fail-over interface , we need to follow these steps:-

    1) Disable the Fail-over in the Primary unit:-

    no failover

    2) Fail-over status on the Secondary Unit will go to:-

    Failover Off (pseudo-Standby)
    Failover unit Secondary

    3) Change the IP address on both the ASA units separately. It will be the same command on both the units:-

    failover interface ip FAIL 172.16.2.3 255.255.255.252 standby 172.16.2.4
    failover interface ip STATE 172.16.4.5 255.255.255.252 standby 172.16.4.6

    4) Once , you configure the IP address information , re-enable the fail-over first on the Primary unit and then on the Secondary Unit.

    5) Fail-over will come up fine with the changed IP address on the Fail-over interface.

    If you have a switch connected between the ASA Units for the Fail-over interfaces , I would suggest clearing the ARP entries on the switch.

    Comments
    Navneet Narang
    Level 1
    Level 1
    ‎04-15-2014 09:57 PM

    Hi, I have some doubts.

    1. Is it possible to assign 4 IPs of the same subnet to the Failover & Stateful Interface ?

    "failover interface ip FAIL 192.168.202.3 255.255.255.248 standby 192.168.202.4

    failover interface ip STATE 192.168.202.1 255.255.255.248 standby 192.168.202.2"

    Here, the subnet used is 192.168.202.0 / 29 and all IP fall under this.

     

    2. It is possible to use the same Physical Interface as Failover Link Interface and Stateful Link Interface, but is it feasible to give the same physical interface (in the above example its interface g0/5) so many IPs ?

    Vibhor Amrodia
    Cisco Employee
    Cisco Employee
    ‎04-15-2014 10:09 PM

    Hi Navneet,

     

    Thank you for pointing out the Typo errors that i made on the document. I have corrected the same.

    Thanks and Regards,

    Vibhor Amrodia

    Navneet Narang
    Level 1
    Level 1
    ‎04-15-2014 10:27 PM

    smileyyes

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents