Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2463
Views
0
Helpful
4
Replies

Failover setup on ASA 5550

Go to solution
Peter Kim
Level 1
Level 1

‎10-14-2010 02:26 PM - edited ‎03-11-2019 11:54 AM

I am trying to setup LAN based failover Active/standby between two 5550s.  As I was reading a documentation on Cisco website, it is instructed that all of the interfaces are needed to be configured with active and standby ip addresses.  I'm trying to understand the purpose of this configuration.  What is the purpose of having standby ip addresses on all interfaces?  I'm little confused.  I don't recall I did setup standby addresses last time I worked on failover.

Can someone explain this to me?  Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Panos Kampanakis
Cisco Employee
Cisco Employee
In response to Peter Kim

‎10-15-2010 07:55 AM

You are right. The active unit will use the same ip always. In your case it is x.x.x.1.

In a failover event they will swap ips and macs, so you don't need to change gateways or anything else. The hosts will think they are talking through the same GW and path.

I hope it helps.

PK

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-14-2010 02:52 PM 

kim.peter wrote:
I am trying to setup LAN based failover Active/standby between two 5550s.  As I was reading a documentation on Cisco website, it is instructed that all of the interfaces are needed to be configured with active and standby ip addresses.  I'm trying to understand the purpose of this configuration.  What is the purpose of having standby ip addresses on all interfaces?  I'm little confused.  I don't recall I did setup standby addresses last time I worked on failover.
Can someone explain this to me?  Thanks.

You don't actually need to use standby IP addresses on all the interfaces eg. if you only had one public IP you may not be able to. But without a standby address on an interface you won't be able to monitor on that interface and you won't be able to connect to the standby firewall on that interface.

Jon

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to Jon Marshall

‎10-14-2010 06:16 PM

If the interfaces use private, RFC 1918 address space I'd certainly configure standby IP address. If the interfaces

use routable IP address and you are short of addresses then, you can get by without configuring standby IP address for just those interface(s).

You can see some failover sample config here:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#lanbas

You can see both primary and secondary complete config in the above link.

-KS

0 Helpful

Go to solution
Peter Kim
Level 1
Level 1
In response to Kureli Sankar

‎10-15-2010 07:44 AM

thanks for your replies.  I was using that document on the link.  The question I have is that if I use primary as X.X.X.1 and standby as X.X.X.2, what happens primary unit goes down?  The secondary unit takes over the X.X.X.1 address?  Does my GW IP stay same for end workstations?  I'm little confused on this.  Thanks again.

0 Helpful

Go to solution
Panos Kampanakis
Cisco Employee
Cisco Employee
In response to Peter Kim

‎10-15-2010 07:55 AM

You are right. The active unit will use the same ip always. In your case it is x.x.x.1.

In a failover event they will swap ips and macs, so you don't need to change gateways or anything else. The hosts will think they are talking through the same GW and path.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card