Active\standby failover on ASA5510

Unanswered Question
Feb 13th, 2009
User Badges:

I am setting up active\standby failover on 2 ASA 5510's. I am also setting up a backup ISP link. Now should I set the monitor-interface on the inside and backup interfaces

So that if the inside goes down it fails over to the secondary device and if the outside interface to the Main ISP link goes down it starts sending traffic out through the Backup interface and if that goes down it fails over to the secondary device.

Another question can I use the Management0/0 interface for the for Failover connection? If not I have ran out of ports, I am using ports for Outside, Inside, Backup and DMZ.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cdusio Mon, 02/16/2009 - 06:39
User Badges:
  • Bronze, 100 points or more

Your failover scenario involves two aspects. Link failure and ISP failure.

Link failures on the priumary asa cause failover to the secondary ASA so you can pick and choose which interfaces need to be addressed here.

The second thing can be solved by object tracking on the primary ISP so that if that object tracking component fails, you will use the second ISP.

Yes you can use the MGMNT interface.


servnj Fri, 02/20/2009 - 07:25
User Badges:

Whe you setup an ASA for failover is it just checking that it's own interfaces are working and passing traffic or what it is connected to, like the port of the switch to the inside network and the ISP modem to the outside or both.

cdusio Fri, 02/20/2009 - 07:35
User Badges:
  • Bronze, 100 points or more

It checks the health of it's peer and by doing so it s checking the path integrity between the two ASA's.


This Discussion