Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
0
Helpful
2
Replies

transparent firewall failover on ASA5520

arumugasamy
Level 1
Level 1

‎04-02-2008 08:32 AM - edited ‎03-11-2019 05:26 AM

Dear All,

I installed ASA5520 pair in transparent mode for the server farm in one of my customer data center. The server farm switches are 3750 with stacked using the stacking cable.

When i found the primary firewall in standby i used in console "failover active" to bring it to the active state.

As soon as this FW comes active all the server farms switch ports LEDs are blinking fast and some of the server seems reseted. The whole network down untill again we brought back the standby secondary firewall to the active by no failover active in primary FW.

What went wrong during the FW switchover to the active state.

Also how can we access the ASDM using the management 0/0 interface.

I need to have the sample config.

Thanks

swami

Thanks

Labels:
0 Helpful
2 Replies 2

vkapoor5
Level 5
Level 5

‎04-09-2008 05:20 AM

The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

0 Helpful

pauloroque
Level 1
Level 1

‎04-11-2008 12:04 PM

You probably formed a L2 loop, because the ASA working in transparent mode acts as a bridge.

In which way did you connect the switches and ASA's?

I have a similar project to implement in few days and I am thinking how to connect the ASA in transparent mode and 2 or 4 redundant switches without going into loops L2. I know that STP will block a port to remove the loop, but if the active ASA fails the STP topology should also change.

I am not sure if there is a way to build a functional topology with ASA both transparent and active/failover modes.

Thanks

Paulo Roque

Network Engineer

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card