Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA failover arp issues

Hi,

I am having a problem with address translation on a pair of Cisco ASA firewalls when they failover.

The current setup has 2 x Cisco ASA5520 firewalls configured in active/standby failover. I have address translation configured on the ASA using both the interface address (e.g. 1.1.1.1 for SMTP and WWW) as well as another range of IP's that is being routed to the firewalls (e.g. 2.2.2.0/24 for various ports). When the firewalls failover I can reach SMTP and WWW for the address 1.1.1.1 but the 2.2.2.x addresses aren't available. The upstream layer 3 switches are updating the arp tables for the 1.1.1.1 address but not for the 2.2.2.x range.

Has anyone experienced this problem?  I was thinking of using an asr-group but this only appears to be relevant for active/active failover configuration?

Any assistance is much appreciated.

2 REPLIES
Silver

Cisco ASA failover arp issues

Are the Internet links and outside interfaces of the FWs in one VLAN and the inside side of the ASAs is another VLAN (in case both sides of the FWs are connecting to the same switch). What is the OS version of the ASA?

---

Posted by WebUser Dennis Ariel

New Member

Cisco ASA failover arp issues

Hi, they are running 8.4(2).

The outside is connected to different switches using the same VLAN and HSRP as the upstream gasteway. The inside is connected to two different switches internally using one VLAN and no routing on the switches.

Thanks

915
Views
0
Helpful
2
Replies