Changing the Fail-over interface IP address on the ASA Active/Standby Fail-over


Tue, 08/26/2014 - 23:19
Apr 15th, 2014
User Badges:
  • Cisco Employee,

Table of Contents 



It might be required that due to IP address shortage or IP address overlap in the Internal Network , we might need to change the Fail-over interface IP addresses.


For ex:- We see this error on the ASA device while trying to configure the ASA device and the Fail-over IP are overlapping.

WARNING: overlaps with failover interface address. The failover units may become active

This is the Fail-over configuration causing this error:-

failover lan unit primary
failover lan interface FAIL GigabitEthernet0/5
failover link STATE GigabitEthernet0/4
failover interface ip FAIL standby
failover interface ip STATE standby

To change the IP address on the Fail-over interface , we need to follow these steps:-

1) Disable the Fail-over in the Primary unit:-

no failover

2) Fail-over status on the Secondary Unit will go to:-

Failover Off (pseudo-Standby)
Failover unit Secondary

3) Change the IP address on both the ASA units separately. It will be the same command on both the units:-

failover interface ip FAIL standby
failover interface ip STATE standby

4) Once , you configure the IP address information , re-enable the fail-over first on the Primary unit and then on the Secondary Unit.

5) Fail-over will come up fine with the changed IP address on the Fail-over interface.

If you have a switch connected between the ASA Units for the Fail-over interfaces , I would suggest clearing the ARP entries on the switch.

Navneet Narang Tue, 04/15/2014 - 21:57
User Badges:

Hi, I have some doubts.

1. Is it possible to assign 4 IPs of the same subnet to the Failover & Stateful Interface ?

"failover interface ip FAIL standby

failover interface ip STATE standby"

Here, the subnet used is / 29 and all IP fall under this.


2. It is possible to use the same Physical Interface as Failover Link Interface and Stateful Link Interface, but is it feasible to give the same physical interface (in the above example its interface g0/5) so many IPs ?

Vibhor Amrodia Tue, 04/15/2014 - 22:09
User Badges:
  • Cisco Employee,

Hi Navneet,


Thank you for pointing out the Typo errors that i made on the document. I have corrected the same.

Thanks and Regards,

Vibhor Amrodia


This Document

Related Content