Cisco ASA Firewall Active / Standby Failover

Hello Sina

When configuring the ASAs in active/standby mode, ASA1 is configured fully with IP addresses on all interfaces. When ASA2 is configured, you only configure the commands that allow it to function as the standby device. This means that no outside or inside interfaces are configured and no IP addresses are configured on these interfaces.

In the configuration of the ASA1 however, you can see the following commands implemented on interface Ethernet 0/1:

ASA1(config)# interface Ethernet 0/1
ASA1(config-if)# nameif OUTSIDE
ASA1(config-if)# ip address 192.168.2.254 255.255.255.0 standby 192.168.2.253

The command standby 192.168.2.253 in essence configures the IP address of the standby device.

So, if a failover does occur where ASA1 is no longer functioning, ASA2 will assume the active role. This means that ASA2 will adopt the IP addresses and MAC addresses of the interfaces of the failed unit and will begin to pass traffic. If ASA1 comes back online, ASA2 will remain active and ASA1 will assume the standby IP addresses. In essence, they swap IP and MAC addresses whenever there is a failover.

Because network devices see no change in the MAC to IP address pairing, no ARP entries change or time out anywhere on the network, and hosts know nothing of the failover.

In the verification section, some output of the show failover command on ASA1 shows the following:

     Last Failover at: 12:23:34 UTC Dec 19 2014
	This host: Primary - Active 
		Active time: 1664 (sec)
		slot 0: ASA5510 hw/sw rev (2.0/9.1(5)) status (Up Sys)
		  Interface INSIDE (192.168.1.254): Normal (Monitored)
		  Interface OUTSIDE (192.168.2.254): Normal (Monitored)
		slot 1: empty
	Other host: Secondary - Standby Ready 
		Active time: 31 (sec)
		slot 0: ASA5510 hw/sw rev (1.1/9.1(5)) status (Up Sys)
		  Interface INSIDE (192.168.1.253): Normal (Monitored)
		  Interface OUTSIDE (192.168.2.253): Normal (Monitored)
		slot 1: empty

If ASA1 fails and comes back up, ASA2 will take the active role and ASA1 will take the standby role and the output would be reversed like so:

     Last Failover at: 12:23:34 UTC Dec 19 2014
	This host: Secondary - Standby Ready 
		Active time: 31 (sec)
		slot 0: ASA5510 hw/sw rev (1.1/9.1(5)) status (Up Sys)
		  Interface INSIDE (192.168.1.253): Normal (Monitored)
		  Interface OUTSIDE (192.168.2.253): Normal (Monitored)
		slot 1: empty
	Other host: Primary - Active 
		Active time: 1664 (sec)
		slot 0: ASA5510 hw/sw rev (2.0/9.1(5)) status (Up Sys)
		  Interface INSIDE (192.168.1.254): Normal (Monitored)
		  Interface OUTSIDE (192.168.2.254): Normal (Monitored)
		slot 1: empty

The IP addresses would be swapped.

I hope this has been helpful for you!

Laz
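As an added example (not part of Laz's reply and not Cisco's own tooling), here is a small Python parser for the `show failover` output format quoted above, plus a check that tells an operator whether the pair is in its expected state. Two sample outputs are constructed inline: the first is the normal-state output from the post (slot lines omitted), the second is what the post describes after ASA1 fails and comes back, with the Secondary still Active and the Primary holding the standby addresses (its timestamp and active times are made up). The regexes assume the line layout shown in the post; the "Primary is not Active" finding is reported as an event worth looking at, not as a fault, because the post explains that the units do not swap back on their own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample 1: ASA1's view in the normal state, from the post.
SAMPLE_NORMAL = """\
     Last Failover at: 12:23:34 UTC Dec 19 2014
    This host: Primary - Active
        Active time: 1664 (sec)
          Interface INSIDE (192.168.1.254): Normal (Monitored)
          Interface OUTSIDE (192.168.2.254): Normal (Monitored)
    Other host: Secondary - Standby Ready
        Active time: 31 (sec)
          Interface INSIDE (192.168.1.253): Normal (Monitored)
          Interface OUTSIDE (192.168.2.253): Normal (Monitored)
"""

# Constructed sample 2: ASA1's view after it failed and came back. ASA2
# (Secondary) stays Active and ASA1 (Primary) now holds the standby IPs.
SAMPLE_AFTER_FAILOVER = """\
     Last Failover at: 13:05:10 UTC Dec 19 2014
    This host: Primary - Standby Ready
        Active time: 1664 (sec)
          Interface INSIDE (192.168.1.253): Normal (Monitored)
          Interface OUTSIDE (192.168.2.253): Normal (Monitored)
    Other host: Secondary - Active
        Active time: 120 (sec)
          Interface INSIDE (192.168.1.254): Normal (Monitored)
          Interface OUTSIDE (192.168.2.254): Normal (Monitored)
"""

# Line patterns assumed from the layout shown in the post.
LAST_RE = re.compile(r"^\s*Last Failover at:\s*(.+?)\s*$")
HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(Primary|Secondary)\s*-\s*(.+?)\s*$")
IFACE_RE = re.compile(r"^\s*Interface (\S+) \(([\d.]+)\):\s*(.+?)\s*$")


@dataclass
class UnitStatus:
    which: str   # "This" or "Other"
    unit: str    # "Primary" or "Secondary"
    state: str   # "Active", "Standby Ready", ...
    interfaces: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (ip, state)


@dataclass
class FailoverStatus:
    last_failover: Optional[str]
    units: List[UnitStatus]


def parse_show_failover(text: str) -> FailoverStatus:
    """Interface lines are attached to the most recent host block seen."""
    last = None
    units: List[UnitStatus] = []
    for line in text.splitlines():
        m = LAST_RE.match(line)
        if m:
            last = m.group(1)
            continue
        m = HOST_RE.match(line)
        if m:
            units.append(UnitStatus(m.group(1), m.group(2), m.group(3)))
            continue
        m = IFACE_RE.match(line)
        if m and units:
            units[-1].interfaces[m.group(1)] = (m.group(2), m.group(3))
    return FailoverStatus(last, units)


def active_unit(text: str) -> Optional[str]:
    """Return 'Primary' or 'Secondary' for whichever unit is Active."""
    for u in parse_show_failover(text).units:
        if u.state == "Active":
            return u.unit
    return None


def findings(text: str) -> List[str]:
    """Empty list means: one Active, one Standby Ready, every interface
    Normal (Monitored), and the Primary is the unit carrying traffic."""
    st = parse_show_failover(text)
    if len(st.units) != 2:
        return [f"expected 2 units in output, found {len(st.units)}"]
    issues: List[str] = []
    states = sorted(u.state for u in st.units)
    if states != ["Active", "Standby Ready"]:
        issues.append(f"unexpected unit states: {states}")
    for u in st.units:
        for name, (ip, state) in u.interfaces.items():
            if state != "Normal (Monitored)":
                issues.append(f"{u.unit} {name} ({ip}): {state}")
    primary = next((u for u in st.units if u.unit == "Primary"), None)
    if primary is not None and primary.state != "Active":
        issues.append(f"Primary is '{primary.state}', a failover occurred "
                      f"(last failover at {st.last_failover})")
    return issues


if __name__ == "__main__":
    for label, sample in (("normal", SAMPLE_NORMAL), ("after failover", SAMPLE_AFTER_FAILOVER)):
        print(f"{label}: active = {active_unit(sample)}, findings = {findings(sample) or 'none'}")
```

Fed the real command output (for example collected over SSH on a schedule), `findings()` gives you something to alert on: a unit whose interfaces are no longer `Normal (Monitored)`, or a pair that has failed over and is now running on the Secondary, which is easy to miss precisely because, as the post explains, hosts on the network notice nothing.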