×
all 6 comments

[–]pedrotheterrorI have tried nothing and am all out of ideas 4 points5 points  (5 children)

With ASA, the secondary IP is always reachable, just like the primary IP.

[–]FastEthernetCCNA Security[S] 0 points1 point  (4 children)

Perhaps I'm not explaining correctly.

I have on ASA1 the management interface configured with 10.0.0.1/24 and on ASA2 it's configured as 10.0.0.2/24. whenever failover was configured and I'm consoled into ASA2 it seems as if the replication has changed the ip from 10.0.0.2 to 10.0.0.1.

[–]Black_Light 7 points8 points  (2 children)

Yes. This is normal. You need to configure your interface to have a standby IP. Don’t try to set a different config on the standby unit as it will just be overwritten by the primary.

Set your management interface on the primary like follows:

ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2

Your primary unit will be accessible from 10.0.0.1 and your standby ASA will now be accessible from 10.0.0.2

[–]FastEthernetCCNA Security[S] 4 points5 points  (0 children)

Ah! I knew I was forgetting something. Perfect thanks. I needed the standby IP.

[–]Poulito 0 points1 point  (0 children)

It’s easy to confuse primary/secondary with active/standby. Wherever you have primary above, it should say Active. Primary/secondary role stays with the unit it was configured on, whether it is active or standby.

[–]Sl33ps 0 points1 point  (0 children)

Did yoy configure the ASA1 is stand by, and ASA2 is active? For the failover change.