LAN-Based Active/Standby Failover Configuration

Unanswered Question
Aug 20th, 2008
User Badges:


I want to configure LAN-Based Active/Standby failover between two ASA 5520.From inside interfaces of two ASA cables are connected to access switch and then access switch to core switches.From outide interfaces ethernet cabes are connected to another access switch and access switch to a single internet Router.

1)Shall I user a cross over cable as faiolver link between two ASA?

2)What configuration I have to do in the access switches?

Please guide..



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
somnath21 Wed, 08/20/2008 - 02:36
User Badges:

Hi Andrew,

I am unable to access those materials as its asking username & pass. I have tried with my netpro user id but it's not working.Can you please attach it.



Jon Marshall Wed, 08/20/2008 - 01:17
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


If the ASA devices are near enough then yes you can use a crossover cable if you want to although i have always used straight thru cables and connected via switches.

If you do use switches then you can either

i) use a dedicated switch for connectivity between the ASA devices

ii) Use your existing inside switches but make sure you use a dedicated vlan for the failover.

A lot depends on how much traffic there is on your access-layer switches already. What you don't want is for keepalives to go missing because of the amount of user traffic.

If you are concerned about this a crossover cable may well be the way to go. See attached link for more details:



This Discussion