In an active / standby failover setup how do the firewalls present the inside/outside addresses?
In a one device setup you would obviously have one inside address and one outside address. In a two device setup do the devices share the inside and outside address in some fashion akin to HSRP?
hi there is no concept of hsrp out here or virtual ip address.
in failover the primary pix or asa is configured with their inside and outside interfaces. now the the ip address of the other asa has to be in the same subnet as the primary pix but not the same ip address.
the users on the inside will set their default-gateway as the inside ip address of the pix. when the primary goes down. the standy pix takes over the ip address and mac-address of the primary pix.and the primary pix takes over the mac-address and ip address of the standby pix.
inside address 10.1.1.1/24
then inside address of secondary pix 10.1.1.2/24
similarly for outside and failover interfaces.
hope this helps.