Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 689
  • Last Modified:

ASA Standby configuration

We currently have a single ASA with 4 active interfaces. We have a 2nd firewall to put in as a standby unit. We are running 8.2.2

So here are the questions:

One interface, CLIENT_DMZ, connects to a customer and the all the machines on the inside of the ASA are natted and the source address is important as the customer filters based on source IP. If I configure the standby unit, will this nat rule carry over.

Second, how can I get OSPF to advertise the standby ip address instead of the address of the physical interface to this customer?

Thanks!!

James
0
jdjames21
Asked:
jdjames21
1 Solution
 
DanJCommented:
when configured in active/standby routed mode only the active ASA passes traffic. It owns the IP/MAC addresses. In case of failover the passive unit becomes active and it's going to take ownership of the IP/MAC addresses. You only need to worry about the primary IP address. Keep in mind that routing information is syncrhonized between the units starting with 8.4.x.
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now