Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
215
Views
0
Helpful
1
Replies

VPN redundancy single IP 2 ASA's

fgasimzade
Enthusiast
Enthusiast

‎02-16-2017 03:27 AM

Hello all,

Is it possible to configure active\standby for a site-to-site VPN using 2 Cisco ASA 5510 or 5520 with a single ISP

I remember I read somewhere that this was not possible, but can not find any information now

Thank you

Labels:
0 Helpful
1 Reply 1

Francesco Molino
Mentor
Mentor

‎02-16-2017 09:03 AM

Hi

If you have a active/failover ASA and you setup the outside interface with only 1 IP, that means actually you have the following config:

interface gi0/1

  nameif outside

  security-level 0

  ip address x.x.x.x x.x.x.x ==> without the standby keyword.

The failover will work and the standby ASA will get the actual IP of the active ASA. However, the limitation is that you can't monitor this interface to trigger a failover on the standby. That means if you have a link failure on the outside there won't be an automatic failover.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents