Solved: ASA in HA mode/management access.

bruce.thornton · ‎01-22-2014

I have two ASA5515s in HA mode, that is working fine. The issue I'm having is I want to access those ASAs via the Mgmt interfaces. The respective interfaces are connected to a 6509 as a routed connection on different bladed. Example. FW-PRI is on gi2/24 and FW-SEC is on gi3/24. That works just fine until I bring up the HA connection and the active FW-PRI pushes the configuration over to the FW-SEC. My question is can the managment interfaces be exluded from the HA fail-over and keep its static assigned ip address?

Collin Clark · ‎01-24-2014

Don't use routed interfaces on the management ports, instead use a VLAN that both management ports belong to.

View solution in original post

lcambron · ‎01-23-2014

Hello Bruce,

We cannot exclude part of the configuration from being replicated if that is what you are asking.

You can exclude the interface from being monitored basically.

Not sure how or what IPs you are assigning, the IP to the seconday ASA is configured from the primary Firewall.

Regards,

Felipe.

Remember to rate useful posts.

Collin Clark · ‎01-24-2014

Don't use routed interfaces on the management ports, instead use a VLAN that both management ports belong to.

bruce.thornton · ‎01-24-2014

That is what I did, created an SVI and assigned each management interface to the SVI. Works just fine.