transparent firewall failover on ASA5520

Unanswered Question
Apr 2nd, 2008

Dear All,


I installed an ASA5520 pair in transparent mode for the server farm in one of my customer's data centers. The server farm switches are 3750s, stacked using the stacking cable.


When I found the primary firewall in standby, I used "failover active" in the console to bring it to the active state.

As soon as this FW comes active, all the server farm switch port LEDs are blinking fast and some of the servers seem to have reset. The whole network was down until we brought the standby secondary firewall back to active with "no failover active" on the primary FW.


What went wrong during the FW switchover to the active state?


Also, how can we access the ASDM using the management 0/0 interface?


I need to have the sample config.

Thanks

swami


vkapoor5 Wed, 04/09/2008 - 05:20

The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

pauloroque Fri, 04/11/2008 - 12:04

You probably formed an L2 loop, because the ASA working in transparent mode acts as a bridge.


In which way did you connect the switches and ASAs?


I have a similar project to implement in a few days and I am thinking about how to connect the ASA in transparent mode and 2 or 4 redundant switches without creating L2 loops. I know that STP will block a port to remove the loop, but if the active ASA fails the STP topology should also change.


I am not sure if there is a way to build a functional topology with ASA both transparent and active/failover modes.


Thanks

Paulo Roque

Network Engineer
