I want to know how we can connect an ASA A/S failover pair from the switch. I have one L3 switch, and from there I connected the inside interfaces of 2 ASAs for the failover. The 1st ASA IP is 10.0.0.1, the standby IP is 10.0.0.2 (2nd ASA).
What is the procedure we have to configure on the switches?
Do we have to point to the primary ASA as well as the secondary ASA?
I got confused. Would anyone help me out?
"1. All the ports in the switch in the same VLAN"
Correct. If you have, say, 3 interfaces on each firewall in Active/Failover, each must have a unique VLAN in the switch. Say, PIX-1-Inside interface is in VLAN3; PIX-2-Inside interface must be in VLAN3, and so on for the other interfaces.
"2. What is the default GW for the webserver?"
"3. 2.1 or 2.2?"
You need to use 192.168.2.1 as your DG.
Using the same link used by Jorge.
I quote from the link:
Active/Standby Failover Overview
Active/Standby failover lets you use a standby security appliance to take over the functionality of a failed unit. When the active unit fails, it changes to the standby state while the standby unit changes to the active state. The unit that becomes active assumes the IP addresses (or, for transparent firewall, the management IP address) and MAC addresses of the failed unit and begins passing traffic. The unit that is now in standby state takes over the standby IP addresses and MAC addresses. Because network devices see no change in the MAC to IP address pairing, no ARP entries change or time out anywhere on the network.
This means the default gateway for your webserver or any host is the IP address of the ASA/PIX physical interface, not the standby IP address you configured.
In an Active/Standby scenario, if the active unit fails and the standby becomes active, the standby will use the IP addresses of the physical interface you configured on the primary PIX/ASA.
My hosts' default gateways are the physical interface IP addresses configured in the primary PIX. The same principle applies to ASA.
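The layout discussed in this thread, sketched as an added configuration example (not posted by any participant): both ASA inside ports sit in one access VLAN on the L3 switch, and the switch routes only to the active address. The 10.0.0.1/10.0.0.2 pair and VLAN3 come from the thread; the /24 mask, interface names, the switch SVI address 10.0.0.3 and the dedicated failover link addressing are assumptions.

```cisco
! ---- L3 switch (interface names are assumed) ----
vlan 3
 name ASA-INSIDE
!
! Both ASA inside ports go in the SAME access VLAN, so whichever unit
! is active answers for 10.0.0.1 on the same L2 segment.
interface range GigabitEthernet1/0/1 - 2
 switchport mode access
 switchport access vlan 3
 ! PortFast avoids a spanning-tree forwarding delay after a link flap
 spanning-tree portfast
!
! Assumed SVI address for the switch in the inside subnet
interface Vlan3
 ip address 10.0.0.3 255.255.255.0
!
! Route ONLY to the active address. Never point at 10.0.0.2: the
! standby unit does not pass traffic, and after a failover the new
! active unit takes over 10.0.0.1 together with its MAC address.
ip route 0.0.0.0 0.0.0.0 10.0.0.1

! ---- Primary ASA (interface names and failover link are assumed) ----
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ! Active IP first, then the address the standby unit holds
 ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
!
! Dedicated failover link on its own port, with assumed addressing
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover
```

On the secondary unit only the failover lines are entered by hand, with `failover lan unit secondary`; the rest of the configuration replicates from the active unit once the pair forms.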