ASA standby ip address

Unanswered Question
Sep 2nd, 2008
User Badges:

is it necessary to put standby ip address on a Active/Standby scenario? What is the different with or without standby ip address?

Below is my config on Active/Standby ASA and i did not apply standby ip on the interfaces ...

so, basically i just use simple layer-3 address assignment on the interface.

interface Ethernet0/0

nameif outside

security-level 0

ip address


interface Ethernet0/1

nameif inside

security-level 100

ip address


interface Ethernet0/2

nameif dmz

security-level 50

ip address


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marwan ALshawi Tue, 09/02/2008 - 18:23
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

Hi Gerard

first of all,

Active/Standby Failover lets you use a standby security appliance to take over the functionality of a failed unit. When the active unit fails, it changes to the standby state while the standby unit changes to the active state. The unit that becomes active assumes the IP addresses (or, for a transparent firewall, the management IP address) and MAC addresses of the failed unit and begins to pass traffic. The unit that is now in standby state takes over the standby IP addresses and MAC addresses. Because network devices see no change in the MAC to IP address pairing, no ARP entries change or time out anywhere on the network

based on the above detail the answer to you Question is:

** configure the active and standby IP addresses for each data interface (routed mode) or for the management interface (transparent mode). The standby IP address is used on the security appliance that is currently the standby unit. It must be in the same subnet as the active IP address**

and the following link will be a good refrence to use

good luck

If helpful Rate


This Discussion