Hello,
That configuration is correct. The HA process in the ASA uses the primary IP address of the main (active) firewall. Nothing is actually configured, except for four or five failover lines, on the failover ASA. You can actually leave off the standby IP address, it's only used for management and monitoring.
Do a show failover and you'll see the relevant information.
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Cisco Nuts
Sent: Thursday, May 14, 2009 4:35 PM
To: ccielab_at_groupstudy.com
Subject: Default route in switch in a dual-ASA scenario....
Hi:
If we have 2 ASA's configured for failover connected to 2 switches, is there a
reason why the default route in both switches point to the physical address of
the primary asa.
If the primary asa to switch ip's are .1 and .2 and secondary asa to switch #2
ip's are .3 and .4 and the hsrp active is .100, shouldn't the default route in
both switches point to the .100?
What is different in asa compared to regular routers?
What happens if the primary asa goes down? How will the switches then know how
to route to the primary asa ip: .1?
Or is this config actually wrong?
Thanks !!
CN
Received on Thu May 14 2009 - 16:42:45 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:42 ART