08-27-2009 08:46 AM - edited 03-11-2019 09:10 AM
When configuring ASA's in A/S should you be able to connect to the ASA in standby mode?
08-27-2009 09:10 AM
my experience, it depends...it depends on how you have authentication and routing configured on the primary. if dynamic routing is enabled and you're relying on an authentication server, it's possible the standby unit doesn't have a route to the auth server. to accomodate this, put a static route in the primary just for the auth server...or have a LOCAL auth group as a fallback auth method when the auth server times out.
also, if yo'ure using an auth server (eg radius/tacacs), make sure you have the standby IP in there as well as the primary.
08-27-2009 03:32 PM
Only through console. I have this setup and I cannot access the standby box unless I use console.
Box boxes are configured exactly the same, so you only have 1 IP address.
On the old PIXes you were able to connect to both the standby and active boxes because each one had a different IP.
You can however issue failover commands to the standby box. So you can restart the standby box or make it active, but as far as I know that is all you can do.
08-28-2009 05:35 AM
what do you mean you only have 1 IP? did you not configure the standby addresses?
08-31-2009 09:37 AM
This is how my failover is configured: failover
failover lan unit primary
failover lan interface LANFAIL GigabitEthernet0/3
failover polltime unit 1 holdtime 3
failover key *****
failover link LANFAIL GigabitEthernet0/3
failover interface ip LANFAIL 192.168.101.1 255.255.255.0 standby 192.168.101.2
I do have the standby address configured for the failover link but I do not have a standby address on any other interface. I never really tried connecting to the failover IP address, I dont have that routed through my regular network.
Are you saying I should have a stanby IP address on my other interfaces aswell? I know the PIXs are setup that way.
Thanks
08-31-2009 09:18 AM
Yes, just make sure the standby addresses are setup. I connect to our standby and perform upgrades all the time without any issues.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide