Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
1
Replies

Monitor interface vlan with ASA 5505 in HA Active/Standby Deployment

tranminhc
Level 1
Level 1

‎07-09-2013 08:50 AM - edited ‎03-11-2019 07:09 PM

Hi,

I doing HA Active/Standby Deployment with two ASA 5505. ASA documents mention that it will monitor all physical interfaces itself to decide a failover. But in my case I configure vlan interface instead of physical interface. My inside interfaces in each ASA connect to two diferent Switches. My question is if one inside physical interface (lead to one switch) down, does the failover occur? I suspect it does not, but I would like to make sure before doing HA.

Any replies will be appreciated.

7-9-2013 10-30-32 PM.jpg

Labels:
0 Helpful
1 Reply 1

sandevsingh
Level 1
Level 1

‎08-29-2013 08:16 AM

Hi, I usually instead of doing a cross-connect on the inside leave it to something like A-to-A and B-to-B if the switches are not doing VSS or VPC. So I would just connect eth0/7 from ASA-A to SW-A and similar on ASA-B. This makes it cleaner.

You can then control if you want to failover if the PO goes down or any 1 of the 2 interfaces in the PO go down.

I am not saying that your above design is invalid, but I have usually done this in the past.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card