Certificate requirements for 2 ASA in failover mode

liven Senior Member Member Posts: 918
Ok,

I have 2 ASA devices; only one is active at a time. When one fails, the other assumes the IP of the failed device and hopefully the network and users never know the difference.

Now if I am going to use certificates in this situation for secure communications etc., should I use the same certificate on both ASA devices? In my eyes it seems that this would make more sense over both devices having different certs....
encrypt the encryption, never mind my brain hurts.

Comments

  • dtlokee Village Idiot Member Posts: 2,378
    Well, since the secondary unit gets all of its configuration from the primary unit they would have the same certificate. If you think about it this makes sense when you're using stateful failover where all of the IPSec SAs are maintained if the primary unit fails. The units effectively act as a single device.
    The only easy day was yesterday!
  • liven Senior Member Member Posts: 918
    Look don't go and be MR. SMARTY PANTS ON ME!!!!

    JK.

    Thanks man, I pretty much knew the answer to this. But since you're the man you just confirmed it for me!

    Thanks.
    encrypt the encryption, never mind my brain hurts.