Cisco Support Community
New Member

ASA Failover

When configuring ASAs in A/S, should you be able to connect to the ASA in standby mode?

5 REPLIES
Gold

Re: ASA Failover

my experience, it depends...it depends on how you have authentication and routing configured on the primary. if dynamic routing is enabled and you're relying on an authentication server, it's possible the standby unit doesn't have a route to the auth server. to accommodate this, put a static route in the primary just for the auth server...or have a LOCAL auth group as a fallback auth method when the auth server times out.

also, if you're using an auth server (eg radius/tacacs), make sure you have the standby IP in there as well as the primary.

New Member

Re: ASA Failover

Only through console. I have this setup and I cannot access the standby box unless I use console.

Both boxes are configured exactly the same, so you only have 1 IP address.

On the old PIXes you were able to connect to both the standby and active boxes because each one had a different IP.

You can however issue failover commands to the standby box. So you can restart the standby box or make it active, but as far as I know that is all you can do.

Gold

Re: ASA Failover

what do you mean you only have 1 IP? did you not configure the standby addresses?

New Member

Re: ASA Failover

This is how my failover is configured:

failover

failover lan unit primary

failover lan interface LANFAIL GigabitEthernet0/3

failover polltime unit 1 holdtime 3

failover key *****

failover link LANFAIL GigabitEthernet0/3

failover interface ip LANFAIL 192.168.101.1 255.255.255.0 standby 192.168.101.2

I do have the standby address configured for the failover link but I do not have a standby address on any other interface. I never really tried connecting to the failover IP address, I don't have that routed through my regular network.

Are you saying I should have a standby IP address on my other interfaces as well? I know the PIXs are set up that way.

Thanks

New Member

Re: ASA Failover

Yes, just make sure the standby addresses are set up. I connect to our standby and perform upgrades all the time without any issues.
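
An added example, not part of the thread or written by any of its participants: one way to audit a saved ASA configuration for the issue discussed above, data interfaces whose `ip address` line has no `standby` address, or a standby address outside the interface subnet. The sample configuration is constructed, and the names `audit_standby` and `SAMPLE_CONFIG` are hypothetical.

```python
import ipaddress
import re

# Constructed sample (not from the thread): inside has no standby address,
# dmz has a standby address outside the interface's subnet.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.10 255.255.255.0 standby 203.0.113.11
!
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 ip address 172.16.5.1 255.255.255.0 standby 172.16.6.2
!
failover interface ip LANFAIL 192.168.101.1 255.255.255.0 standby 192.168.101.2
"""

IP_LINE = re.compile(r"^\s+ip address ([\d.]+) ([\d.]+)(?: standby ([\d.]+))?\s*$")

def audit_standby(config: str) -> dict:
    """Map each addressed interface to 'ok', 'missing' or 'wrong-subnet'."""
    findings, current, nameif = {}, None, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current, nameif = line.split(None, 1)[1].strip(), None
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current and line.strip().startswith("nameif "):
            nameif = line.split()[1]
        elif current and (m := IP_LINE.match(line)):
            addr, mask, standby = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if standby is None:
                status = "missing"  # standby unit has no address to manage it by
            elif ipaddress.ip_address(standby) not in net:
                status = "wrong-subnet"
            else:
                status = "ok"
            findings[nameif or current] = status
    return findings

if __name__ == "__main__":
    for name, status in audit_standby(SAMPLE_CONFIG).items():
        print(f"{name}: standby address {status}")
```

The `failover interface ip` line is deliberately ignored, since the thread's point is that a standby address on the failover link alone does not make the standby unit reachable for management.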
