Certificate requirements for 2 ASA in failover mode

livenliven Member Posts: 918

I have 2 ASA devices; only one is active at a time. When one fails, the other assumes the IP of the failed device, and hopefully the network and users never know the difference.

Now if I am going to use certificates in this situation for secure communications etc... Should I use the same certificate on both ASA devices? In my eyes it seems that this would make more sense over both devices having different certs....
encrypt the encryption, never mind my brain hurts.


  • dtlokeedtlokee Member Posts: 2,378
    Well, since the secondary unit gets all of its configuration from the primary unit, they would have the same certificate. If you think about it, this makes sense when you're using stateful failover, where all of the IPSec SAs are maintained if the primary unit fails. The units effectively act as a single device.
    The only easy day was yesterday!
  • livenliven Member Posts: 918
    Look, don't go and be MR. SMARTY PANTS ON ME!!!!


    Thanks man, I pretty much knew the answer to this. But since you're the man, you just confirmed it for me!
