<div>
Hi,<br />
<br />
If you are using either ACTIVE/ACTIVE or ACTIVE/PASSIVE setup it's mandatory to configure IP addresses for all interfaces and on both sides (primary and secondary).<br />
<br />
<u>Each interface on (Prim./Secon) should be configured from the same subnet.<br />
</u><br />
For example, if there is a mismatch on IP address configuration in one of the interfaces between the primary/ secondary units, it will lead to a catastrophic In case of a failure happened on that &nbsp;Int. because it used for management and monitoring issue by sending out the hello messagesو when a disaster happens how the Backup interfaces will take-over the traffic? &nbsp;<br />
<br />
for more information, please check the link below of CISCO ASA HA Guide <br />
<a href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf" rel="ugc">https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf</a>
</div>


Hi,

If you are using either ACTIVE/ACTIVE or ACTIVE/PASSIVE setup it's mandatory to configure IP addresses for all interfaces and on both sides (primary and secondary).

Each interface on (Prim./Secon) should be configured from the same subnet.

For example, if there is a mismatch on IP address configuration in one of the interfaces between the primary/ secondary units, it will lead to a catastrophic In case of a failure happened on that  Int. because it used for management and monitoring issue by sending out the hello messagesو when a disaster happens how the Backup interfaces will take-over the traffic?  

for more information, please check the link below of CISCO ASA HA Guide
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf [https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf]

Solutions Architect

Bill H

<div>
<div class="content wysiwyg-content">
Hi, i have 2 Cisco ASA 5506 firewall with Sec+ licenses. I am configuring them for HA as well as WAN failover.<br />
<br />
Now, on the WAN failover side, do i need to have unique public IP addresses for both WAN links to each firewall?<br />
<br />
For ex: <br />
WAN1 (ASA1) - 192.168.1.1<br />
WAN1 (ASA2) - 192.168.1.2<br />
<br />
I know on sonicwall this is not required.
</div>
</div>


Hi, i have 2 Cisco ASA 5506 firewall with Sec+ licenses. I am configuring them for HA as well as WAN failover.

Now, on the WAN failover side, do i need to have unique public IP addresses for both WAN links to each firewall?

For ex: 
WAN1 (ASA1) - 192.168.1.1
WAN1 (ASA2) - 192.168.1.2

I know on sonicwall this is not required.

Public IP's for Cisco WAN HA

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).