I have been able to set up failover for two Cisco ASA devices and they seem to be functioning. I used two physical interfaces, one for LAN and one for State, as those resources were not needed for DMZ or things like that.
Now, my question might really seem silly, but I'll go ahead and ask:
Do I need to set up an outside interface and an inside interface on the secondary device as well?
I have done that, but in my scenario, since both the inside and outside interfaces had public IP addresses on our datacenter LAN, I had a lot of difficulty with routing, so I put a static route in our core router for the subnet used by the customer to get to the outside interface of the Interface and also be able to VPN in, and all seems to be working. But what if the primary switches back to the secondary? The secondary has different outside and inside interface IP addresses than the primary, so do I need to put another static IP route statement with a longer metric to the one I put for the primary device outside interface?
In short, I wonder how traffic will hit the outside interface of the secondary device (ASA) when the primary has failed?
Also, I wonder if this information is correct for failover, please see attached. I have used the same private IPs for ethernet3 and ethernet2 that I used on the primary for LAN and State failover. I used the same IPs, is that OK?
This is the first time I have ever worked with ASA and had to set up failover, firewalling and remote VPN, and all seem to be working! But I need to make sure and stop guessing and not being sure about what I have done, as explained above.