
  • Status: Solved

ASA Standby configuration

We currently have a single ASA with 4 active interfaces. We have a 2nd firewall to put in as a standby unit. We are running 8.2.2.

So here are the questions:

One interface, CLIENT_DMZ, connects to a customer, and all the machines on the inside of the ASA are NATted. The source address is important, as the customer filters based on source IP. If I configure the standby unit, will this NAT rule carry over?

Second, how can I get OSPF to advertise the standby IP address instead of the address of the physical interface to this customer?


1 Solution
When configured in active/standby routed mode, only the active ASA passes traffic. It owns the IP/MAC addresses. In case of failover, the passive unit becomes active and it's going to take ownership of the IP/MAC addresses. You only need to worry about the primary IP address. Keep in mind that routing information is synchronized between the units starting with 8.4.x.
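An added configuration sketch of the setup discussed above, in ASA 8.2 syntax; it is not part of the original answer. The interface IDs, the FOLINK name, all addresses and the key placeholder are assumptions. The active unit replicates its running configuration, NAT rules included, to the standby, so only the failover bootstrap is entered on the second unit.

```cisco
! Constructed example: interface IDs, FOLINK, addresses and the key are placeholders.
! ----- Primary unit -----
interface GigabitEthernet0/1
 nameif CLIENT_DMZ
 security-level 50
 ! First address is used by whichever unit is active; "standby" is used by the other unit
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! Dedicated failover link; it needs no nameif or ip address of its own
interface GigabitEthernet0/3
 no shutdown
!
! PAT inside hosts to one fixed address so the customer's source-IP filter
! sees the same source before and after a failover
nat (inside) 1 0.0.0.0 0.0.0.0
global (CLIENT_DMZ) 1 192.0.2.10
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 198.51.100.1 255.255.255.252 standby 198.51.100.2
! Without a key, replicated configuration crosses the failover link unprotected
failover key <SHARED-SECRET-PLACEHOLDER>
failover
!
! ----- Secondary unit: bootstrap only, the rest is replicated -----
interface GigabitEthernet0/3
 no shutdown
!
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 198.51.100.1 255.255.255.252 standby 198.51.100.2
failover key <SHARED-SECRET-PLACEHOLDER>
failover
```

Once the units have synchronized, `show failover` on either unit reports the active/standby state, and `show running-config nat` on the standby confirms the NAT rules were replicated.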
