Just wanted to know a few things. The platform is confined to ASA 5540 and version 7.0
1.Can I not telnet into one of standby's interface Ip's? This is just to check if it has the same configuration as the active one? I just want to escape the server room air-conditing and consoling to the standby unit to check config.
2. Is pinging not possible to any of the standby IP's of Standby unit?
3. If outside (public IP) interface of Active unit has no standby IP (to conserve address space), is it ok? What are the effects of not having a standby IP?
4. What is the role of management0/0 interface in failover configuration? Is management interface really necessary for a failover configuration? What exactly is the purpose of it? Can i do a successful failover with a shutted management interface?
I found an answer to my own questions when I tried it out!! Just wanted to share the same with all of you.
1. Telnetting was possible to the inside interface standby IP. So, no need to have console access to the standby unit. It did not work earlier as the inside interface was connected to a different switch port. When changed, I was able to telnet to inside interface.
2. I was also able to ping inside standby IP
3. Not having a standby public IP for outside interface did not matter. It just showed up as 0.0.0.0 in show monitor-interface command. But when switched to active, it took the active public IP.
4. I think that management0/0 interface is a good option to use when in transparent firewall mode. Since, there are no IP's used for other interfaces, the firewall is managed using the management interface IP.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :