Bill H
asked on
Public IP's for Cisco WAN HA
Hi, i have 2 Cisco ASA 5506 firewall with Sec+ licenses. I am configuring them for HA as well as WAN failover.
Now, on the WAN failover side, do i need to have unique public IP addresses for both WAN links to each firewall?
For ex:
WAN1 (ASA1) - 192.168.1.1
WAN1 (ASA2) - 192.168.1.2
I know on sonicwall this is not required.
Now, on the WAN failover side, do i need to have unique public IP addresses for both WAN links to each firewall?
For ex:
WAN1 (ASA1) - 192.168.1.1
WAN1 (ASA2) - 192.168.1.2
I know on sonicwall this is not required.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are using either ACTIVE/ACTIVE or ACTIVE/PASSIVE setup it's mandatory to configure IP addresses for all interfaces and on both sides (primary and secondary).
Each interface on (Prim./Secon) should be configured from the same subnet.
For example, if there is a mismatch on IP address configuration in one of the interfaces between the primary/ secondary units, it will lead to a catastrophic In case of a failure happened on that Int. because it used for management and monitoring issue by sending out the hello messagesو when a disaster happens how the Backup interfaces will take-over the traffic?
for more information, please check the link below of CISCO ASA HA Guide
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf