Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
3
Helpful
1
Replies

Enabling failover on ASA5520 VLAN interfaces

haxworthy
Level 1
Level 1

‎01-08-2009 02:04 PM - edited ‎03-11-2019 07:34 AM

I want to set up my VLAN interfaces for failover monitoring. These VLAN interfaces are off the inside interface. The inside interface is being monitored. Currently, by default the VLAN interfaces are not being monitored. These VLAN interfaces are already configured with a standby address.

What is the best approach to configuring monitoring on them?

Do I just simply configure a failover interface IP address on the VLAN interface using a subnet different from my other monitored interfaces?

Or is it completely not necessary to enable failover on the VLAN's since the inside is already being monitored. Cannot find a yes/no answer in any texts.

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎01-08-2009 03:40 PM

Hi, If you look at this link diagram you have inside side , outside switch , and the pair of ASA in the middle one active and other in standby, both interfaces are being monitored.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

The answer to your question is yes, you need to configured for each vlan subinterface or interface on the ASA a failover to have the interface monitored.

Example:

ASA_Primary: outside ip 172.16.1.1

ASA_Primary: inside_IP 10.20.20.1

ASA_Secondary: outside IP 172.16.1.2

ASA_Secondary: outside ip 10.20.20.2

interface Ethernet0/0

description outside

nameif outside

security-level 0

ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.20.20.1 255.255.255.0 standby 10.20.20.2

interface Ethernet0/2

description LAN Failover Interface

interface Management0/0

description STATE Failover Interface

management-only

same principle above applies for asa subinterfaces if u are doing dot1q trunking.

failover

failover lan unit primary

failover lan interface failover Ethernet0/2

failover link state Management0/0

failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2

failover interface ip state 10.0.0.1 255.255.255.0 standby 10.0.0.2

Regards

PLS rate any helpful posts

Jorge Rodriguez
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card