ASA active/standby mode in active/active status

Unanswered Question
Mar 11th, 2009
User Badges:

Hi, what happens if 2 ASA in active/standby configuration, after a network problem, discover to be either in active state ? Is failover disabled on ether ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smalkeric Tue, 03/17/2009 - 14:52
User Badges:
  • Silver, 250 points or more

The main differences between the two units in a failover pair are related to which unit is active and which unit is standby, namely which IP addresses to use and which unit is primary and actively passes traffic.

A few differences exist between the units based on which unit is primary (as specified in the configuration) and which unit is secondary:

The primary unit always becomes the active unit if both units start up at the same time (and are of equal operational health).

The primary unit MAC address is always coupled with the active IP addresses. The exception to this rule occurs when the secondary unit is active and cannot obtain the primary MAC address over the failover link. In this case, the secondary MAC address is used.

r.spiandorello Wed, 03/18/2009 - 00:43
User Badges:

Thank you, I know perfectly the theory, but I'd like to better study the case of 2 ASA in active state, caused by a break of the networking between the 2 appliance.


This Discussion