Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
4
Helpful
2
Replies

ASA - Transparent failover pair without STP possible?

Go to solution
pictuscat
Level 1
Level 1

‎09-16-2013 07:14 AM - edited ‎03-11-2019 07:39 PM

Hello,

I’m trying to see if it is possible to introduce two transparent ASA 5520s in an Active/Standby pair between 2 switches that don't currently run any form of STP.

tran_fw.jpg

Does anyone know if this is a supported configuration? I’m aware that if both ASA units thought that they were the master this could introduce a L2 loop but under normal operation would a failover succeed without creating a loop or is STP definitely required to achieve this set-up?

I'm trying to avoid having to use routed mode in this instance as re-numbering the address spaces would be quite difficult for this particular scenario.

Many thanks,

Andy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎09-16-2013 11:35 AM

Hello Andy,

Exactly, while one unit is on standby mode it will not introduce any loop as it will not be forwarding any data.

That being said it's a supported scenario

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

2 Replies 2

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎09-16-2013 11:35 AM

Hello Andy,

Exactly, while one unit is on standby mode it will not introduce any loop as it will not be forwarding any data.

That being said it's a supported scenario

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
pictuscat
Level 1
Level 1
In response to Julio Carvajal

‎09-19-2013 03:33 AM

Thanks Julio. I'm going to recommend the routed mode even though it's likely to cause some short-term pain. But it's good to know that transparent mode should be possible if that's not an option.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card