We have both a 5510 and a 5505, and they are both running the security plus licenses. At this time, the 5510 is connected to our primary (and much faster) ISP connection. We also have a DSL connection available that I could connect to the 5505. A different ISP supplies each device (Charter and AT&T, respectively). Each are assigned a single, public IP address via DHCP from the respective ISP.
Is it possible to configure the 5505 to accept the connection and become primary in the event that the 5510 goes offline (either due to outage or failure)?
If so, what are the steps I would take to configure this? Examples of commands to issue would be very helpful.
You cannot configure a direct Failover/HA setup with two different ASA models.
For a solution to your problem, I'd suggest using IP SLA on a router or L3 switch that both ASAs plug into - that way if one link/ASA goes down, the default route will change to the other ASA.
EDIT: By the way, the failover setup you describe is Active/Standby. Active/Active refers to two separate ASAs running multi-context, with one ASA being active for "context1" and the other ASA being active for "context2". ASA 5505's do not support multi-context.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...