Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Failover setup on ASA 5550

I am trying to setup LAN based failover Active/standby between two 5550s.  As I was reading a documentation on Cisco website, it is instructed that all of the interfaces are needed to be configured with active and standby ip addresses.  I'm trying to understand the purpose of this configuration.  What is the purpose of having standby ip addresses on all interfaces?  I'm little confused.  I don't recall I did setup standby addresses last time I worked on failover.

Can someone explain this to me?  Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Failover setup on ASA 5550

You are right. The active unit will use the same ip always. In your case it is x.x.x.1.

In a failover event they will swap ips and macs, so you don't need to change gateways or anything else. The hosts will think they are talking through the same GW and path.

I hope it helps.

PK

4 REPLIES
Hall of Fame Super Blue

Re: Failover setup on ASA 5550

kim.peter wrote:

I am trying to setup LAN based failover Active/standby between two 5550s.  As I was reading a documentation on Cisco website, it is instructed that all of the interfaces are needed to be configured with active and standby ip addresses.  I'm trying to understand the purpose of this configuration.  What is the purpose of having standby ip addresses on all interfaces?  I'm little confused.  I don't recall I did setup standby addresses last time I worked on failover.

Can someone explain this to me?  Thanks.

You don't actually need to use standby IP addresses on all the interfaces eg. if you only had one public IP you may not be able to. But without a standby address on an interface you won't be able to monitor on that interface and you won't be able to connect to the standby firewall on that interface.

Jon

Cisco Employee

Re: Failover setup on ASA 5550

If the interfaces use private, RFC 1918 address space I'd certainly configure standby IP address. If the interfaces

use routable IP address and you are short of addresses then, you can get by without configuring standby IP address for just those interface(s).

You can see some failover sample config here:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbas

You can see both primary and secondary complete config in the above link.

-KS

New Member

Re: Failover setup on ASA 5550

thanks for your replies.  I was using that document on the link.  The question I have is that if I use primary as X.X.X.1 and standby as X.X.X.2, what happens primary unit goes down?  The secondary unit takes over the X.X.X.1 address?  Does my GW IP stay same for end workstations?  I'm little confused on this.  Thanks again.

Cisco Employee

Re: Failover setup on ASA 5550

You are right. The active unit will use the same ip always. In your case it is x.x.x.1.

In a failover event they will swap ips and macs, so you don't need to change gateways or anything else. The hosts will think they are talking through the same GW and path.

I hope it helps.

PK

2113
Views
0
Helpful
4
Replies
CreatePlease to create content