We have site (A) and site (B), there is layer 2 connectivity between the two sites. The primary ASA is located at site A and the standby ASA is located at site B. Each site has its own internet connection using BGP. If the primary ASA fails the secondary takes over, but if the L2 connectivity is lost both go active.
Is there anyway to use interface tracking on the primary ASA so that if it loses connectivity to an IP address at site B it shuts down its interface and goes into failed status, so when the secondary ASA goes active there is no IP address conflict.
Well the way SLA monitoring on ASA works, the purpose is to have a backup link in case the primary one fails using a feature called "Static route Tracking". This is given in the document that Frederico posted. It will not help you with your requirement exactly.
How is the failover interface between the 2 ASAs connected? It is recommended for them to be connected either directly or using a switch in between. We need to basically ensure that the 2 ASAs never lose connectivity over the Failover interface. Please ensure that you do this. If you have this, you should not face the problem of both the ASAs going active.
Please do paste a diagram of how the failover interface is connected presently.
Well, actually there are three sites connected by 10GB Fiber, the ASA;s are in two different locations. I just wanted to know if there is a multi-site failover solution that allows the VPN on the ASA to have failover without splitting the pairs? and without configuring a secondary peer
If the 2 ASAs are in different locations then please ensure that we have a reliable connection between them on the "failover interface" and the "stateful failover link" as well for failover to function properly.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...