02-13-2009 02:44 PM - edited 03-09-2019 10:02 PM
I am setting up active\standby failover on 2 ASA 5510's. I am also setting up a backup ISP link. Now should I set the monitor-interface on the inside and backup interfaces
So that if the inside goes down it fails over to the secondary device and if the outside interface to the Main ISP link goes down it starts sending traffic out through the Backup interface and if that goes down it fails over to the secondary device.
Another question can I use the Management0/0 interface for the for Failover connection? If not I have ran out of ports, I am using ports for Outside, Inside, Backup and DMZ.
02-16-2009 06:39 AM
Your failover scenario involves two aspects. Link failure and ISP failure.
Link failures on the priumary asa cause failover to the secondary ASA so you can pick and choose which interfaces need to be addressed here.
The second thing can be solved by object tracking on the primary ISP so that if that object tracking component fails, you will use the second ISP.
Yes you can use the MGMNT interface.
-C
02-20-2009 07:25 AM
Whe you setup an ASA for failover is it just checking that it's own interfaces are working and passing traffic or what it is connected to, like the port of the switch to the inside network and the ISP modem to the outside or both.
02-20-2009 07:35 AM
It checks the health of it's peer and by doing so it s checking the path integrity between the two ASA's.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide