• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 687
  • Last Modified:

Active/Standby configuration on WAN ip

Hi,

I need to setup 2 Cisco ASA 5510 boxes in a Active/Standby failover mode...  My question is if I can use our WAN ips as outside IP's....  So use 3 WAN adresses for the 2 units...?
0
it-row
Asked:
it-row
  • 2
1 Solution
 
harbor235Commented:


All you need is 2 outside IPs in active/standby. You will need additional addresses for the connection between them, however, this can be rfc1918 space, you need a dedicated failover interface per FW.

2 outside address per two units

harbor235 ;}
0
 
it-rowAuthor Commented:
If they are configured with an static IP per device. How can they "share"  the IP my VPN sites/clients connects to ?   As I understand the standby device should start to respond on the failed device's outside IP if an error occure...
0
 
harbor235Commented:

When a failure occurs the standby assumes the IP (and mac if configured) of the configured primary ip,

the config on the primary for a interface used in A/S looks something like this;

ip address 1.1.1.1 255.255.255.0 standby 1.1.1.254    (this is an example)

the primary has the IP of the active and standby in its config, the secondary does not get the full config just failover parameters and a IP address for the failover interface. The two firewalls talk and the config gets copied to the failover unit.

harbor235 ;}
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now