ASA Active / Standby failover - addressing query?

Answered Question
Apr 5th, 2007
User Badges:

In an active / standby failover setup how do the firewalls present the inside/outside addresses?


In a one device setup you would obviously have one inside address and one outside address. In a two device setup do the devices share the inside and outside address in some fashion akin to HSRP?

Correct Answer by sebastan_bach about 10 years 3 months ago

hi there is no concept of hsrp out here or virtual ip address.


in failover the primary pix or asa is configured with their inside and outside interfaces. now the the ip address of the other asa has to be in the same subnet as the primary pix but not the same ip address.


the users on the inside will set their default-gateway as the inside ip address of the pix. when the primary goes down. the standy pix takes over the ip address and mac-address of the primary pix.and the primary pix takes over the mac-address and ip address of the standby pix.


example:


primary pix


inside address 10.1.1.1/24

then inside address of secondary pix 10.1.1.2/24


similarly for outside and failover interfaces.


hope this helps.


regards


sebastan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
sebastan_bach Thu, 04/05/2007 - 03:14
User Badges:

hi there is no concept of hsrp out here or virtual ip address.


in failover the primary pix or asa is configured with their inside and outside interfaces. now the the ip address of the other asa has to be in the same subnet as the primary pix but not the same ip address.


the users on the inside will set their default-gateway as the inside ip address of the pix. when the primary goes down. the standy pix takes over the ip address and mac-address of the primary pix.and the primary pix takes over the mac-address and ip address of the standby pix.


example:


primary pix


inside address 10.1.1.1/24

then inside address of secondary pix 10.1.1.2/24


similarly for outside and failover interfaces.


hope this helps.


regards


sebastan

jason.scott Thu, 04/05/2007 - 03:32
User Badges:

Ah, that explains it perfectly, thank you Sebastan. I do find a lot of the documentation to be a little obscure sometimes! :)

Actions

This Discussion