Enabling failover on ASA5520 VLAN interfaces

Unanswered Question
Jan 8th, 2009
User Badges:

I want to set up my VLAN interfaces for failover monitoring. These VLAN interfaces are off the inside interface. The inside interface is being monitored. Currently, by default the VLAN interfaces are not being monitored. These VLAN interfaces are already configured with a standby address.

What is the best approach to configuring monitoring on them?

Do I just simply configure a failover interface IP address on the VLAN interface using a subnet different from my other monitored interfaces?

Or is it completely not necessary to enable failover on the VLAN's since the inside is already being monitored. Cannot find a yes/no answer in any texts.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
JORGE RODRIGUEZ Thu, 01/08/2009 - 15:40
User Badges:
  • Green, 3000 points or more

Hi, If you look at this link diagram you have inside side , outside switch , and the pair of ASA in the middle one active and other in standby, both interfaces are being monitored.


The answer to your question is yes, you need to configured for each vlan subinterface or interface on the ASA a failover to have the interface monitored.


ASA_Primary: outside ip

ASA_Primary: inside_IP

ASA_Secondary: outside IP

ASA_Secondary: outside ip

interface Ethernet0/0

description outside

nameif outside

security-level 0

ip address standby

interface Ethernet0/1

nameif inside

security-level 100

ip address standby

interface Ethernet0/2

description LAN Failover Interface

interface Management0/0

description STATE Failover Interface


same principle above applies for asa subinterfaces if u are doing dot1q trunking.


failover lan unit primary

failover lan interface failover Ethernet0/2

failover link state Management0/0

failover interface ip failover standby

failover interface ip state standby


PLS rate any helpful posts


This Discussion