
New Member

transparent firewall failover on ASA5520

Dear All,

I installed an ASA5520 pair in transparent mode for the server farm in one of my customer's data centers. The server farm switches are 3750s, stacked using the stacking cable.

When I found the primary firewall in standby, I used "failover active" in the console to bring it to the active state.

As soon as this FW comes active, all the server farm switch port LEDs blink fast and some of the servers seem to have reset. The whole network was down until we again brought the standby secondary firewall back to active by using "no failover active" on the primary FW.

What went wrong during the FW switchover to the active state?

Also, how can we access the ASDM using the management 0/0 interface?

I need to have the sample config.

Thanks

swami


2 REPLIES
Bronze

Re: transparent firewall failover on ASA5520

The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

New Member

Re: transparent firewall failover on ASA5520

You probably formed a L2 loop, because the ASA working in transparent mode acts as a bridge.

In which way did you connect the switches and ASAs?

I have a similar project to implement in a few days and I am thinking about how to connect the ASA in transparent mode and 2 or 4 redundant switches without creating L2 loops. I know that STP will block a port to remove the loop, but if the active ASA fails the STP topology should also change.

I am not sure if there is a way to build a functional topology with the ASA in both transparent and active/failover modes.

Thanks

Paulo Roque

Network Engineer
