We currently have a single ASA with 4 active interfaces. We have a 2nd firewall to put in as a standby unit. We are running 8.2.2

One interface, CLIENT_DMZ, connects to a customer and the all the machines on the inside of the ASA are natted and the source address is important as the customer filters based on source IP. If I configure the standby unit, will this nat rule carry over.

Second, how can I get OSPF to advertise the standby ip address instead of the address of the physical interface to this customer?


when configured in active/standby routed mode only the active ASA passes traffic. It owns the IP/MAC addresses. In case of failover the passive unit becomes active and it's going to take ownership of the IP/MAC addresses. You only need to worry about the primary IP address. Keep in mind that routing information is syncrhonized between the units starting with 8.4.x.
