Solved: Failover on ASA by IP on different subnet?

John Blakley · ‎06-08-2009

I'll be configuring an ASA 5550 for a DR site. Is there a way that I can configure this 5550 to be a failover in case the primary in the main site goes down even though it's on a different subnet?

Thanks,

John

HTH, John *** Please rate all useful posts ***

Jon Marshall · ‎06-08-2009

John

If you mean failover as in active/standby scenario then no you can't because for that to work the firewalls need to have L2 adjacency.

Jon

View solution in original post

Jon Marshall · ‎06-08-2009

John

If you mean failover as in active/standby scenario then no you can't because for that to work the firewalls need to have L2 adjacency.

Jon

John Blakley · ‎06-08-2009

Thanks :)

HTH, John *** Please rate all useful posts ***

cjake7777 · ‎06-12-2009

Jon-

If they were in the same subnets could you? I have 10 gig between my datacenters. I think you can, my issue would be detecting what types of failover. Can you track for failover purposes? I can loose internet link, but the link stays up? Thanks for your help.

Jon Marshall · ‎06-12-2009

Jake

"If they were in the same subnets could you ?"

Yes you could although you would need to factor in the latency between the 2 sites and see if that would affect keepalive/state packets.

I don't believe the ASA support object tracking in the same way a router does.

Is your internet link terminated into a router then ?

Jon

cjake7777 · ‎06-12-2009

The internet is at both sites with 7200s. I did see that the ASA can do ip sla tracking, but its only for default routes. Since these are going to be at different locations, I need to be able to track the inside route as well. Any guidance is appreciated.