From: Todd Veillette (tveillette@ct.metrocast.net)
Date: Tue Jun 12 2007 - 23:54:38 ART
Must be dedicated to failover only, if it is vlan/trunk it won't work.
You will know it takes as the interface will name itself.
-TV
----- Original Message -----
From: "Brian Walls" <need2bccie@gmail.com>
To: "Guyler, Rik" <rguyler@shp-dayton.org>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, June 12, 2007 9:14 PM
Subject: Re: asa failover using management interface
> Try removing the vlans and subinterfaces and just do it under the original
> management0/0
> Not sure if asa accepts 'failover' as the nameif under the failover
> commands, I have always used 'standby'
>
> (make sure there is zero configuration under the management, don't specify
> the nameif, etc)
>
> On 6/12/07, Guyler, Rik <rguyler@shp-dayton.org> wrote:
>>
>> While I've never tried to actually run a service over the mgmt interfaces,
>> this doesn't surprise me. Those interfaces are designed to only give access
>> to the device and nothing else. It would be a potential security breach to
>> allow anything to source out of those interfaces since they are supposed to
>> be useless should the device ever become compromised.
>>
>> Rik
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> sebastan bach
>> Sent: Tuesday, June 12, 2007 5:51 PM
>> To: ccielab@groupstudy.com
>> Subject: asa failover using management interface
>>
>> Hi all, I am trying to set up ASA failover using the management interface.
>>
>> asa1
>>
>> int e0/0
>> nameif inside
>> ip add 10.1.1.1 255.255.255.0 standby 10.1.1.2
>> no sh
>>
>> int e0/1
>> nameif outside
>> ip add 1.1.1.1 255.255.255.0 standby 1.1.1.2
>> no sh
>>
>> int m0/0
>> no sh
>> no management-only
>>
>> int m0/0.1
>> no sh
>> vlan 30
>> no management-only
>>
>> failover
>> failover lan unit primary
>> failover lan interface failover m0/0.1
>> failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
>> failover key cisco
>> failover link failover m0/0.1
>>
>> asa2
>>
>> int m0/0
>> no sh
>> no management-only
>>
>> int m0/0.1
>> no sh
>> vlan 30
>> no management-only
>>
>> failover
>> failover lan unit secondary
>> failover lan interface failover m0/0.1
>> failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
>> failover key cisco
>> failover link failover m0/0.1
>>
>>
>> The ASAs are not getting failover messages from each other.
>> no response from mate
>> Finally both the ASAs are becoming active.
>>
>> Is failover not supposed to run on the management interface even if I have
>> made it a data interface and using it dedicatedly for failover?
>>
>> Can someone please help me on this.
>>
>> Waiting for reply.
>>
>> regards
>>
>> sebastan
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:48 ART
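As an added example (not part of the original thread), a small Python check for the condition the replies describe: a failover interface that is a subinterface/VLAN or that carries a nameif or IP configuration. The function names are hypothetical, and the parser assumes the abbreviated, blank-line-separated layout used in the original post.

```python
import re

# Failover section of the primary unit, copied from the original post above.
SAMPLE = """\
int m0/0
no sh
no management-only

int m0/0.1
no sh
vlan 30
no management-only

failover
failover lan unit primary
failover lan interface failover m0/0.1
failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
failover link failover m0/0.1
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; a stanza ends at a blank line, '!' or a failover command."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = re.match(r"int\w*\s+(\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif not line or line == "!" or line.startswith("failover"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def failover_findings(config):
    """Return (role, interface, reason) for each failover interface that is not dedicated."""
    stanzas, findings = parse_interfaces(config), []
    for raw in config.splitlines():
        m = re.match(r"failover\s+(lan interface|link)\s+\S+\s+(\S+)", raw.strip().lower())
        if not m:
            continue
        role, ifc = m.groups()
        cmds = stanzas.get(ifc, [])
        if "." in ifc or any(c.startswith("vlan ") for c in cmds):
            findings.append((role, ifc, "subinterface or VLAN"))
        if any(c.startswith(("nameif", "ip add")) for c in cmds):
            findings.append((role, ifc, "nameif or IP configured"))
    return findings

if __name__ == "__main__":
    for finding in failover_findings(SAMPLE):
        print(finding)
```

Run against the posted config, it reports `m0/0.1` for both the `failover lan interface` and `failover link` commands; the same config pointed at the bare `m0/0` produces no findings.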