[c-nsp] ASA failover - possible with a /30 ?
Dale W. Carder
dwcarder at wisc.edu
Mon Jun 6 22:50:18 EDT 2011
Hi Jeff,
On Jun 6, 2011, at 8:39 PM, Jeff Kell wrote:
> We are trying to move a customer behind our firewall (an active/active
> pair of ASAs). They are currently terminated on our edge via a /30
> point-to-point link, and they would prefer to keep their addressing the
> same.
>
> The other inbound links to these ASAs are setup for failover, with the
> "failover" and "standby" addresses in the failover configuration.
>
> Is it possible to have this link "failover" without a configured standby
> address? or will this interface remain down if the primary goes down?
> Is the "standby" address only used for monitoring?
The simplest solution I can think of is to run the ASA in transparent
mode. Then those IP's are only used for management purposes and only
need to be reachable to network management infrastructure.
Dale
More information about the cisco-nsp
mailing list