I have a pair of ASA 5510 with security plus license. I am going to set up site-2-site VPN on them in Active/Standby configuration STATEFUL failover. I WILL NOT BE USING ANY 802.1Q. I will be running ASA 8.2.1 code.
The ASA5510 comes with 5 interfaces. I have a requirement to have outside, inside, dmz1 and dmz2. However, upon reading this document, I think it stated that I need to have two NICs, one for the failover interface and one for the state interface. If that is the case, that will leave me with only three interfaces.
Is it possible to combine both the state and failover interface into a single physical interface? I remember I had done it once three years ago with a PIX firewall, and even though does not recommend it, it can be done.
Can it be done on ASA with LAN-based failover with combining both failover and state into a single interface? If so, how?
Thanks in advance.
Below is what I have on my ASA for stateful/failover with the same code as you. Just change the interface to match yours. You can change the polltime to match yours.
failover lan unit primary
failover lan interface LAN-Failover TenGigabitEthernet7/0
failover polltime unit 1 holdtime 3
failover polltime interface 1 holdtime 5
failover link LAN-Failover TenGigabitEthernet7/0
failover interface ip LAN-Failover 10.1.1.1 255.255.255.0 standby 10.1.1.2
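
An added example, not part of the original posts: a small Python check that reads a failover stanza like the one in the reply above and reports whether the state link shares the LAN failover interface, whether the active and standby addresses sit in one subnet, and whether a `failover key` line is present (without one, traffic on the failover and state link is sent in clear text). The helper name `audit_failover` and the embedded sample text are assumptions made for this illustration, and the posted configuration does not include `failover key`.

```python
import ipaddress

# Constructed sample: the failover stanza as posted in the reply above.
SAMPLE = """\
failover lan unit primary
failover lan interface LAN-Failover TenGigabitEthernet7/0
failover polltime unit 1 holdtime 3
failover polltime interface 1 holdtime 5
failover link LAN-Failover TenGigabitEthernet7/0
failover interface ip LAN-Failover 10.1.1.1 255.255.255.0 standby 10.1.1.2
"""

def audit_failover(config):
    """Summarise an ASA failover stanza (hypothetical helper, not a Cisco tool)."""
    lan = link = None
    ips = {}
    has_key = False
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["failover", "lan", "interface"] and len(words) >= 5:
            lan = (words[3], words[4])
        elif words[:2] == ["failover", "link"] and len(words) >= 3:
            # The physical interface may be left off when the LAN failover name is reused.
            link = (words[2], words[3] if len(words) > 3 else None)
        elif words[:3] == ["failover", "interface", "ip"] and len(words) == 8 and words[6] == "standby":
            ips[words[3]] = (words[4], words[5], words[7])
        elif words[:2] == ["failover", "key"]:
            has_key = True
    # State and failover are combined when both commands name the same interface.
    shared = bool(lan and link and link[0] == lan[0] and link[1] in (None, lan[1]))
    peers_ok = False
    if lan and lan[0] in ips:
        active, mask, standby = ips[lan[0]]
        net = ipaddress.ip_network(f"{active}/{mask}", strict=False)
        peers_ok = active != standby and ipaddress.ip_address(standby) in net
    return {"lan_interface": lan, "state_shares_lan_link": shared,
            "peer_ips_same_subnet": peers_ok, "failover_key_set": has_key}

if __name__ == "__main__":
    print(audit_failover(SAMPLE))
```
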