ASA failover - basic questions

gautamzone · ‎09-24-2006

Hi friends,

Just wanted to know a few things. The platform is confined to ASA 5540 and version 7.0

1.Can I not telnet into one of standby's interface Ip's? This is just to check if it has the same configuration as the active one? I just want to escape the server room air-conditing and consoling to the standby unit to check config.

2. Is pinging not possible to any of the standby IP's of Standby unit?

3. If outside (public IP) interface of Active unit has no standby IP (to conserve address space), is it ok? What are the effects of not having a standby IP?

4. What is the role of management0/0 interface in failover configuration? Is management interface really necessary for a failover configuration? What exactly is the purpose of it? Can i do a successful failover with a shutted management interface?

Thanks a lot

Gautam

gautamzone · ‎09-25-2006

Hi friends,

I found an answer to my own questions when I tried it out!! Just wanted to share the same with all of you.

1. Telnetting was possible to the inside interface standby IP. So, no need to have console access to the standby unit. It did not work earlier as the inside interface was connected to a different switch port. When changed, I was able to telnet to inside interface.

2. I was also able to ping inside standby IP

3. Not having a standby public IP for outside interface did not matter. It just showed up as 0.0.0.0 in show monitor-interface command. But when switched to active, it took the active public IP.

4. I think that management0/0 interface is a good option to use when in transparent firewall mode. Since, there are no IP's used for other interfaces, the firewall is managed using the management interface IP.

Thanks and Regards

Gautam