I have configured a couple of ASA5510's as an active/standby pair and all is working well. I have a bunch of ASA's that I manage and as a practice, I don't usually configure or connect the management interfaces. I just connect to them via one of the data interfaces. However, while I was playing around with the failover pair in the lab I lost connectivity to the primary unit (don't ever let your unconfigured standby unit come up BEFORE you issue the failover command on the primary unit!). This made me think that I might want to configure management interfaces.
Ideally, the management interfaces would have "static" addresses. They would not be monitored interfaces and the management IP address would not change when failover occurs. In other words, if the secondary/standby has a management IP address of 18.104.22.168 it STILL has a management address of 22.214.171.124 when it becomes secondary/active.
I tried to make this work by assigning different IP addresses to the m0/0 interfaces on each ASA without the "standby" address parameter. Of course, I have to do this on the active unit before I do it on the standby unit. If I do it on the standby unit first, that address gets overwritten when the "ip address" command is replicated from the primary unit. So now I have the two units each with a different IP addresses on the management interface. In this configuration, I can access the active unit management int but not the standby. A "show int m0/0" command on the standby tells me that the IP address is unassigned, but a "show run int m0/0" indicates that it is configured. Oh - and I have configured "no monitor-interface management"
So, I take it that it is not possible to do this? If not, I have to ask myself the same question I did before - why bother connecting the management interface?
TIA - Jeff