Re: ASA actice/standby with subinterface

isk-admin · ‎10-30-2007

I try to configure active/standby with ASA5520 Version 8.0(2). In configuration guide I read:

The if_name argument assigns a name to the interface specified by the phy_if argument. The phy_if argument can be the physical port name, such as Ethernet1, or a previously created subinterface, such as Ethernet0/2.3.

But when I try to do this, I get an error message:

ERROR: Can not configure failover interface on a shared physical interface

What is going wrong?

conversyschris · ‎10-30-2007

If I recall correctly from my ASA setup (about 14 months ago so I could be mistaken), we tried setting our failover interface on a sub-interface and it didnt work. I then took a look at some Cisco documentation and they suggest that you use a dedicated interface for Failover (that is what we did). We have 1 interface for failover, 1 for DMZ, 1 for Outside and 1 for Inside and everything is functioning correctly. I am trying to find the link I used from Cisco when researching this, but I am fairly sure that was what I came up with.

Hope this helps

Chris

isk-admin · ‎10-31-2007

I have the same experience with the dedicated interface but CISCO said it must work with a subinterface too! I do not like to use one interface only for failover.

hogoqo · ‎10-31-2007

I think you can use a redundant interface but you can not use a subinterface for teh failover link. For stateful failover link you can share even with a regular data link but it is not recommended and the ASA will issue out a warning.