ASA Active / Standby, can I recycle the inside interface of the Standby
Futura
Member Posts: 191
So I got myself a couple of 5525x ASAs,
Configured inside and outside interfaces, the usual stuff.
Connected them together with xovers and set up failover. All fine,.
So now, the secondary is a duplicate of the primary. agreed?
Does that mean I can reuse the IP address I originally set to the inside interface of the secondary? or should I keep it free and available. I'm not short on addresses by the way. I'm just curious.
Many thanks:)
Configured inside and outside interfaces, the usual stuff.
Connected them together with xovers and set up failover. All fine,.
So now, the secondary is a duplicate of the primary. agreed?
Does that mean I can reuse the IP address I originally set to the inside interface of the secondary? or should I keep it free and available. I'm not short on addresses by the way. I'm just curious.
Many thanks:)
Comments
-
Jason0352
Member Posts: 59 ■■□□□□□□□□
I'm no security guru, but the way we have it setup is the secondary inside int has it's own IP assigned. In an event of a failover, the secondary assumes the primarys inside IP and traffic flows without incident.
This host: Secondary - Standby Ready
Active time: 647 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface outside (X.X.X.X): Normal
Interface inside (10.10.1.5): Normal
slot 1: ASA-SSM-20 hw/sw rev (1.0/6.0(6)E3) status (Up/Up)
IPS, 6.0(6)E3, Up
Other host: Primary - Active
Active time: 8294562 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.2(5)) status (Up Sys)
Interface outside (X.X.X.X): Normal
Interface inside (10.10.1.6): Normal
slot 1: ASA-SSM-20 hw/sw rev (1.0/6.0(6)E4) status (Up/Up)
IPS, 6.0(6)E4, Up -
kalebksp
Member Posts: 1,033 ■■■■■□□□□□
The configuration should be automatically sync'd for a single context, assuming the failover is setup properly. In other words the address you originally specified on the standby ASA should have been overwritten. If you specified standby addresses on the primary with 'ip address x.x.x.x x.x.x.x standby x.x.x.x' that IP can be used to connect to the standby unit for management purposes.
If the standby unit becomes active the standby address will be assigned to the device that was previously active.
It's best to assign a standby address because it's also used to detect failures (if no traffic is received on the primary's interface but there is traffic being received on the secondary's a failover will occur). Though it is not absolutely necessary, sometimes I don't when a spare external IP is not available. -
Futura
Member Posts: 191
In other words the address you originally specified on the standby ASA should have been overwritten.
Super, Many thanks.