HA setup and routing

jfschultz · March 24, 2016, 11:28am

Hello,

I have ASA firewalls with multiple VLANs trunked on their interfaces, with sub-interfaces for each vlan. As discussed in a previous post, I use the sub-interface’s IP as the default gateway for the corresponding VLAN.

However, these ASAs are in HA mode (active/standby) and therefore my configuration looks like:
ip address IP1 MASK standby IP2

I haven’t tested live but I wonder what will happen when failover occurs - the secondary ASA will become active, but what IP will be the “master”? IP1 or IP2?

In case IP2 becomes the master, then I simply loose my VLAN’s default gateway, am I correct?

ReneMolenaar · March 28, 2016, 1:19pm

Hi Jeff,

The standby IP is used by the standby ASA for remote management and to detect failover.

When failover occurs, the standby ASA will use the primary IP address and MAC address so there’s nothing you have to change on your hosts. They won’t notice anything.

Rene

jfschultz · March 29, 2016, 2:41pm

Happy to read that, really. Thanks!