Re: asa failover using management interface

From: Brian Walls (need2bccie@gmail.com)
Date: Tue Jun 12 2007 - 22:14:06 ART


Try removing the VLANs and subinterfaces and just do it under the original
Management0/0.
Not sure if the ASA accepts 'failover' as the nameif under the failover
commands; I have always used 'standby'.

(Make sure there is zero configuration under the management; don't specify
the nameif, etc.)

On 6/12/07, Guyler, Rik <rguyler@shp-dayton.org> wrote:
>
> While I've never tried to actually run a service over the mgmt interfaces,
> this doesn't surprise me. Those interfaces are designed to only give access
> to the device and nothing else. It would be a potential security breach to
> allow anything to source out of those interfaces since they are supposed to
> be useless should the device ever become compromised.
>
> Rik
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> sebastan bach
> Sent: Tuesday, June 12, 2007 5:51 PM
> To: ccielab@groupstudy.com
> Subject: asa failover using management interface
>
> Hi all, I am trying to set up ASA failover using the management interface.
>
> asa1
>
> int e0/0
> nameif inside
> ip add 10.1.1.1 255.255.255.0 standby 10.1.1.2
> no sh
>
> int e0/1
> nameif outside
> ip add 1.1.1.1 255.255.255.0 standby 1.1.1.2
> no sh
>
> int m0/0
> no sh
> no management-only
>
> int m0/0.1
> no sh
> vlan 30
> no management-only
>
> failover
> failover lan unit primary
> failover lan interface failover m0/0.1
> failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
> failover key cisco
> failover link failover m0/0.1
>
> asa2
>
> int m0/0
> no sh
> no management-only
>
> int m0/0.1
> no sh
> vlan 30
> no management-only
>
> failover
> failover lan unit secondary
> failover lan interface failover m0/0.1
> failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
> failover key cisco
> failover link failover m0/0.1
>
>
> The ASAs are not getting failover messages from each other.
> no response from mate
> Finally both the ASAs are becoming active.
>
> Is failover not supposed to run on the management interface even if I have
> made it a data interface and am using it dedicatedly for failover?
>
> Can someone please help me on this?
>
> Waiting for reply.
>
> regards
>
> sebastan
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
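
Brian's suggestion written out as configuration, as an added example that is not part of the original thread and has not been tested; the thread does not confirm that it resolves the problem. The addresses and key are the ones from the quoted post, `standby` is the interface name Brian says he uses, and the cleanup commands at the top are an assumption about how to get back to an unconfigured Management0/0.

```cisco
! asa1 (primary) - sketch of the suggestion above, not a verified fix
!
! Assumed cleanup: drop the old failover statements and the VLAN 30 subinterface
clear configure failover
no interface Management0/0.1
!
! Physical interface carries no nameif or address of its own;
! the failover commands below assign both
interface Management0/0
 no nameif
 no ip address
 no shutdown
!
failover lan unit primary
failover lan interface standby Management0/0
failover interface ip standby 172.16.1.1 255.255.255.0 standby 172.16.1.2
failover key cisco
failover link standby Management0/0
failover
!
! asa2 (secondary): identical, except for the unit role
!   failover lan unit secondary
!
! Check the result on either unit with:
!   show failover
```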



This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:48 ART