Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-26 Thread David White, Jr. (dwhitejr)
Hi Ahsan, Replies inline... On 11/25/2014 5:00 PM, Ahsan Rasheed wrote: > > Hi David, Fabien & all who replies , > > > > First I would like to say thank you so much for helping me on this issue. > > > > I would like to clear few things. Customer is using /30 IP on Active > Firewall and Stand

Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread Ahsan Rasheed
Hi David, Fabien & all who replies , First I would like to say thank you so much for helping me on this issue. I would like to clear few things. Customer is using /30 IP on Active Firewall and Standby configured as no IP on its outside interface. Whenever fail-over occurs, the issue is having

Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread David White, Jr. (dwhitejr)
Hi Ahsan, The customer cannot configure the 'same' IP address on both ASAs in an Active/Standby pair. Each ASA's outside interface must have it's own IP (or the Standby could be configured without an IP - but in that case the physical interface would not be monitored for all failures). When the

Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread Fabien DEDENON
Le 25/11/2014 18:48, Nick Hilliard a écrit : > On 25/11/2014 17:27, Scott Miller wrote: >> In my setup, each ASA has a different IP. > > which means that active / failover will not operate on a /30. The OP will > need /29 or larger. > Yes you can use one /30 ip for master and nothing for secondary

Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread Nick Hilliard
On 25/11/2014 17:27, Scott Miller wrote: > In my setup, each ASA has a different IP. which means that active / failover will not operate on a /30. The OP will need /29 or larger. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.

Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread zzif
25.11.2014, 18:50, Ahsan Rasheed wrote: Any other solution is possible, can we(ISP) use on our side to clear his arp automatically when his primary ASA firewall drops the connection and try to connect the secondary firewall same public IP but different Mac address. Hi, I would use separate add

Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread Scott Miller
In my setup, each ASA has a different IP. When the failover becomes active, it assumes the IP of the active unit, and when the primary comes back online, it assumes the IP of the failover unit. The documentation for this setup can also be found here: http://www.cisco.com/c/en/us/td/docs/security

[c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover

2014-11-25 Thread Ahsan Rasheed
Hi Guys, Actually I would like to know if you guys can provide me the solution on below issue. we are providing internet to one of our customer. our Connection is connected on customer onsite 3 com switch. on 3com switch, his two ASA firewalls are connected, Primary/Secondary as Active/Standb