Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
709
Views
0
Helpful
2
Replies

ASA5520 Failover Config Question

Go to solution
rjrii
Level 1
Level 1

‎11-09-2007 09:33 AM - last edited on ‎03-25-2019 05:10 PM by Community Manager

Can I use the same interface for both the lan failover cable and the state sync'ing?

I currenlty have the following ocnfig, but I really need another interface for a DMZ, so I'd like to consolidate the lan interface and link interface if possible. Would they use the same IP addresses if this scenario is a valid option?

-----

failover lan unit primary

failover lan interface failover GigabitEthernet0/3

failover link FWstate GigabitEthernet0/2

failover interface ip failover 10.2.0.1 255.255.255.0 standby 10.2.0.2

failover interface ip FWstate 10.2.1.1 255.255.255.0 standby 10.2.1.2

Essentially, I'm asking will the following work:

failover lan unit primary

failover lan interface failover GigabitEthernet0/3

failover link FWstate GigabitEthernet0/3

failover interface ip failover 10.2.0.1 255.255.255.0 standby 10.2.0.2

failover interface ip FWstate 10.2.0.1 255.255.255.0 standby 10.2.0.2

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rslaski
Spotlight
Spotlight

‎11-09-2007 05:16 PM

It is possible, but do not duplicate failover interface addresing. Use following config:

failover lan unit primary

failover lan interface FAIL GigabitEthernet0/3

failover link FAIL GigabitEthernet0/3

failover interface ip FAIL 10.2.0.1 255.255.255.0 standby 10.2.0.2

mikrobi,

View solution in original post

0 Helpful
2 Replies 2

Go to solution
rslaski
Spotlight
Spotlight

‎11-09-2007 05:16 PM

It is possible, but do not duplicate failover interface addresing. Use following config:

failover lan unit primary

failover lan interface FAIL GigabitEthernet0/3

failover link FAIL GigabitEthernet0/3

failover interface ip FAIL 10.2.0.1 255.255.255.0 standby 10.2.0.2

mikrobi,

0 Helpful

Go to solution
mj11
Level 3
Level 3

‎11-09-2007 05:30 PM

Hi

Looking at the docs To use Stateful Failover, you must configure a Stateful Failover link to pass all state information. You have three options for configuring a Stateful Failover link:

•You can use a dedicated Ethernet interface for the Stateful Failover link.

•If you are using LAN-based failover, you can share the failover link.

•You can share a regular data interface, such as the inside interface. However, this option is not recommended.

If you are using a dedicated Ethernet interface for the Stateful Failover link, you can use either a switch or a crossover cable to directly connect the units. If you use a switch, no other hosts or routers should be on this link.

Regards MJ

0 Helpful
Customers Also Viewed These Support Documents