I installed an ASA5520 pair in transparent mode for the server farm in one of my customer's data centers. The server farm switches are 3750s stacked using the stacking cable.
When I found the primary firewall in standby, I used "failover active" on the console to bring it to the active state.
As soon as this FW became active, all the server farm switch port LEDs were blinking fast and some of the servers seemed to have reset. The whole network was down until we brought the standby secondary firewall back to active again with "no failover active" on the primary FW.
What went wrong during the FW switchover to the active state?
Also, how can we access the ASDM using the Management 0/0 interface?
The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs.
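The pieces described above (dedicated failover link, optional stateful link, interface monitoring) and the ASDM-on-Management0/0 question, as an added example configuration that is not from the original thread or from Cisco's documentation. It assumes ASA 8.2-style transparent-mode syntax (global management IP, no BVI), a primary unit, and constructed addresses; the interface assignments are hypothetical.

```cisco
firewall transparent
hostname ASA-PRIMARY
!
! Bridged data interfaces: the ASA forwards frames between these like a switch,
! so each one must connect to only ONE L2 path or STP has to block the other.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
! Management0/0 is out-of-band: it does not pass bridged traffic and carries
! its own IP for ASDM/SSH (constructed addresses, standby IP for the peer).
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.10 255.255.255.0 standby 192.0.2.11
!
! Transparent-mode management IP of the bridged pair (8.2 global syntax).
ip address 198.51.100.10 255.255.255.0 standby 198.51.100.11
!
! Dedicated failover LAN link (hello/health) and stateful link on separate ports.
failover
failover lan unit primary
failover lan interface FOVER GigabitEthernet0/2
failover interface ip FOVER 10.255.0.1 255.255.255.252 standby 10.255.0.2
failover link STATE GigabitEthernet0/3
failover interface ip STATE 10.255.0.5 255.255.255.252 standby 10.255.0.6
! Interface health monitoring drives the failover decision.
failover polltime interface 5 holdtime 25
monitor-interface inside
monitor-interface outside
!
! ASDM reachable only from the management subnet via Management0/0.
http server enable
http 192.0.2.0 255.255.255.0 management
```

Apply the mirrored configuration on the secondary unit with "failover lan unit secondary"; the standby addresses above become its active addresses after a switchover.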
You probably formed an L2 loop, because an ASA working in transparent mode acts as a bridge.
In which way did you connect the switches and ASAs?
I have a similar project to implement in a few days and I am thinking about how to connect the ASA in transparent mode with 2 or 4 redundant switches without creating L2 loops. I know that STP will block a port to remove the loop, but if the active ASA fails, the STP topology should also change.
I am not sure if there is a way to build a functional topology with the ASA in both transparent and active/failover modes.