ASA Failover - do I really need to configure a standby ip address in each interface?

It seems that ASA failover works fine without the standby address. What is the advantage of wasting an IP address?

Regards,

AM

1 ACCEPTED SOLUTION

In that case you can do it without a standby also, but for management purposes you should have an IP on the standby also. That's basically for the monitor interface, and both exchange hellos out of that interface.

For example, suppose you have only one public IP, so there is no option to configure a standby IP for the secondary unit; in that case the monitor interface can be disabled. Note: it is not going to be part of failover in case of failure.

Thanks

Ajay

6 REPLIES

Hello Ajtm,

The standby IP address will be used in order to exchange hello packets between the interfaces of the active unit (IP address) and the standby unit (IP address).

If the interfaces do not exchange hello packets, the state of that interface will be normal (waiting), which will cause some issues if you are monitoring that interface.

Please rate helpful posts,

Kind regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
AM

I question your assertion that:

ASA failover works fine without the standby address.

If you configure a pair of ASAs for failover and use only a single address for the interface of the primary/active ASA, then perhaps it works if there is a catastrophic failure of the primary/active ASA and the backup might take over. But what happens if there is a problem with the interface of the primary/active ASA? How will the backup ASA determine that it needs to take over from the primary if it cannot query the primary interface? And how will it query the primary interface unless it has its own address?

HTH

Rick

Ok. I understand that the standby IP address is used for monitoring the interface. What if I have multiple vlans in one interface? Is it relevant to configure standby addresses in all of them?

Regards,

AM

Yes, a standby IP for each VLAN.

See this link for more details: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Thanks

Ajay

I had read the document and found that it is not very clear about this subject.

If I have the following topology:

ASA-MAIN <802.1q> switch <802.1q over LACP > switch <802.1q> ASA-STDBY,

with the routers/gateways connected in the switches.

If one of the physical ports or equipment fails, I don't see the point of having multiple standby IP addresses in the VLANs that share the same physical port.

Regards,

Antonio
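
The addressing and monitoring choices discussed in this thread, written out as an ASA configuration fragment. This is an added example, not a configuration posted by any participant; the interface names, VLAN IDs and addresses are assumptions (documentation address ranges).

```cisco
! Constructed example: names, VLAN IDs and addresses are assumptions,
! not values taken from the thread.
!
! 802.1q trunk: the physical port carries no address of its own
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
! Each VLAN subinterface gets its own active and standby address,
! so the two units can exchange hellos on that VLAN
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.128 standby 192.0.2.2
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif dmz
 security-level 50
 ip address 192.0.2.129 255.255.255.128 standby 192.0.2.130
!
! Only one public address available: no standby address is configured,
! so the standby unit cannot send hellos from this interface
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
! Subinterfaces are not monitored by default; enable monitoring on the
! VLANs that have a standby address
monitor-interface inside
monitor-interface dmz
!
! Exclude the single-address interface from health monitoring.
! Trade-off: a failure on "outside" alone will not trigger failover.
no monitor-interface outside
```

After applying a configuration like this, `show failover` lists each named interface with its monitoring state, which is where the waiting state mentioned above would appear for an interface that is monitored but has no standby address.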
