ASA Standby configuration

We currently have a single ASA with 4 active interfaces. We have a 2nd firewall to put in as a standby unit. We are running 8.2.2

So here are the questions:

One interface, CLIENT_DMZ, connects to a customer and the all the machines on the inside of the ASA are natted and the source address is important as the customer filters based on source IP. If I configure the standby unit, will this nat rule carry over.

Second, how can I get OSPF to advertise the standby ip address instead of the address of the physical interface to this customer?


Who is Participating?
when configured in active/standby routed mode only the active ASA passes traffic. It owns the IP/MAC addresses. In case of failover the passive unit becomes active and it's going to take ownership of the IP/MAC addresses. You only need to worry about the primary IP address. Keep in mind that routing information is syncrhonized between the units starting with 8.4.x.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.