Director of Information Technology

David Mundt

<div>
Perfect! This is precisely what I thought!<br />
<br />
Thanks,<br />
David
</div>


Perfect! This is precisely what I thought!

Thanks,
David

<div>
I'm a little confused about some things. In particular what will happen when both ASAs are receiving traffic from the same public range. I know if they were not set in failover (active/standby) this would cause all sorts of issues. As for internal config such as DHCP I guess I'd need to define 2 gateway addresses in the event of a failover? <br />
<br />
IP Ranges are examples<br />
Public IP Range 10.0.0.1/29<br />
ASA1 Outside Eth00 10.0.0.2<br />
ASA1 Inside Eth01 192.168.1.1/24<br />
ASA1 (Active) Eth02 &lt;-----&gt; ASA2 (standby) Eth02<br />
<br />
ASA2 Outside Eth00 10.0.0.3 &nbsp;<br />
ASA2 Inside Eth01 192.168.1.2/24<br />
ASA2 (standby) Eth02 &lt;-----&gt; ASA1 (active) Eth02
</div>


I'm a little confused about some things. In particular what will happen when both ASAs are receiving traffic from the same public range. I know if they were not set in failover (active/standby) this would cause all sorts of issues. As for internal config such as DHCP I guess I'd need to define 2 gateway addresses in the event of a failover?

IP Ranges are examples
Public IP Range 10.0.0.1/29
ASA1 Outside Eth00 10.0.0.2
ASA1 Inside Eth01 192.168.1.1/24
ASA1 (Active) Eth02 <-----> ASA2 (standby) Eth02

ASA2 Outside Eth00 10.0.0.3  
ASA2 Inside Eth01 192.168.1.2/24
ASA2 (standby) Eth02 <-----> ASA1 (active) Eth02

<div>
Hi,<br />
<br />
You don't need to do any configuration on the standby ASA. If you do the failover config correctly on both firewalls, synchronisation of the config from the active firewall will occur from active to secondary.<br />
<br />
Thanks,<br />
<br />
David
</div>


Hi,

You don't need to do any configuration on the standby ASA. If you do the failover config correctly on both firewalls, synchronisation of the config from the active firewall will occur from active to secondary.

Thanks,

David

<div>
Thank you David... I had a suspicion but wanted confirmation!!!
</div>


Thank you David... I had a suspicion but wanted confirmation!!!

<div>
<div class="content wysiwyg-content">
I’m preparing to add a second ASA 5516X to be a failover and am looking for a simple network diagram for 2 ASAs so I can understand how it needs to be connected.
</div>
</div>


I’m preparing to add a second ASA 5516X to be a failover and am looking for a simple network diagram for 2 ASAs so I can understand how it needs to be connected.

Cisco ASA 5516x failover network diagram

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.