
ASA - Transparent failover pair without STP possible?

Hello,

I’m trying to see if it is possible to introduce two transparent ASA 5520s in an Active/Standby pair between 2 switches that don't currently run any form of STP.

tran_fw.jpg

Does anyone know if this is a supported configuration? I’m aware that if both ASA units thought that they were the master, this could introduce an L2 loop, but under normal operation would a failover succeed without creating a loop, or is STP definitely required to achieve this set-up?

I'm trying to avoid having to use routed mode in this instance as re-numbering the address spaces would be quite difficult for this particular scenario.

Many thanks,

Andy

Accepted Solutions

ASA - Transparent failover pair without STP possible?

Hello Andy,

Exactly, while one unit is in standby mode, it will not introduce any loop, as it will not be forwarding any data.

That being said, it's a supported scenario.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

For any questions, contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
2 REPLIES

ASA - Transparent failover pair without STP possible?

Thanks Julio. I'm going to recommend the routed mode even though it's likely to cause some short-term pain. But it's good to know that transparent mode should be possible if that's not an option.
