ASA5520 Failover Config Question

Answered Question
Nov 9th, 2007

Can I use the same interface for both the lan failover cable and the state sync'ing?


I currently have the following config, but I really need another interface for a DMZ, so I'd like to consolidate the LAN interface and link interface if possible. Would they use the same IP addresses if this scenario is a valid option?


-----


failover lan unit primary

failover lan interface failover GigabitEthernet0/3

failover link FWstate GigabitEthernet0/2

failover interface ip failover 10.2.0.1 255.255.255.0 standby 10.2.0.2

failover interface ip FWstate 10.2.1.1 255.255.255.0 standby 10.2.1.2


Essentially, I'm asking will the following work:


failover lan unit primary

failover lan interface failover GigabitEthernet0/3

failover link FWstate GigabitEthernet0/3

failover interface ip failover 10.2.0.1 255.255.255.0 standby 10.2.0.2

failover interface ip FWstate 10.2.0.1 255.255.255.0 standby 10.2.0.2

Correct Answer
rslaski Fri, 11/09/2007 - 17:16

It is possible, but do not duplicate failover interface addressing. Use the following config:


failover lan unit primary

failover lan interface FAIL GigabitEthernet0/3

failover link FAIL GigabitEthernet0/3

failover interface ip FAIL 10.2.0.1 255.255.255.0 standby 10.2.0.2


mikrobi,




Hi


Looking at the docs: To use Stateful Failover, you must configure a Stateful Failover link to pass all state information. You have three options for configuring a Stateful Failover link:


• You can use a dedicated Ethernet interface for the Stateful Failover link.


• If you are using LAN-based failover, you can share the failover link.


• You can share a regular data interface, such as the inside interface. However, this option is not recommended.


If you are using a dedicated Ethernet interface for the Stateful Failover link, you can use either a switch or a crossover cable to directly connect the units. If you use a switch, no other hosts or routers should be on this link.


Regards MJ
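
A small lint for the consolidation discussed in this thread, as an added example (not written by any poster and not Cisco tooling): it parses only the three `failover` statements quoted above and flags a shared physical interface that carries two names or repeated addresses. The function name `check_failover` and the wording of the findings are assumptions; the rule it enforces is the one given in rslaski's answer.

```python
import re

# Only the statement forms that appear in this thread are recognised.
LAN_RE = re.compile(r"^failover lan interface (\S+) (\S+)$")
LINK_RE = re.compile(r"^failover link (\S+) (\S+)$")
IP_RE = re.compile(r"^failover interface ip (\S+) (\S+) (\S+) standby (\S+)$")

# PROPOSED is the question's consolidated config, ANSWER is rslaski's.
PROPOSED = """
failover lan unit primary
failover lan interface failover GigabitEthernet0/3
failover link FWstate GigabitEthernet0/3
failover interface ip failover 10.2.0.1 255.255.255.0 standby 10.2.0.2
failover interface ip FWstate 10.2.0.1 255.255.255.0 standby 10.2.0.2
"""
ANSWER = """
failover lan unit primary
failover lan interface FAIL GigabitEthernet0/3
failover link FAIL GigabitEthernet0/3
failover interface ip FAIL 10.2.0.1 255.255.255.0 standby 10.2.0.2
"""

def check_failover(config):
    """Return a list of findings; an empty list means no issue was found."""
    lan = link = None
    ips = {}  # interface name -> (active ip, mask, standby ip)
    for raw in config.splitlines():
        line = raw.strip()
        if m := LAN_RE.match(line):
            lan = m.groups()  # (name, physical interface)
        elif m := LINK_RE.match(line):
            link = m.groups()
        elif m := IP_RE.match(line):
            ips[m.group(1)] = m.groups()[1:]
    if lan is None or link is None:
        return ["missing 'failover lan interface' or 'failover link' statement"]
    findings = []
    # Per the answer: one shared physical interface gets one name.
    if lan[1] == link[1] and lan[0] != link[0]:
        findings.append(f"{lan[1]} is shared but named both '{lan[0]}' and '{link[0]}'")
    names = list(dict.fromkeys([lan[0], link[0]]))  # de-duplicate, keep order
    findings += [f"no 'failover interface ip' for '{n}'" for n in names if n not in ips]
    if len(names) == 2 and all(n in ips for n in names):
        a, b = (ips[n] for n in names)
        dup = sorted({a[0], a[2]} & {b[0], b[2]})  # addresses used under both names
        if dup:
            findings.append("duplicate failover addressing: " + ", ".join(dup))
    return findings
```
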
