all 6 comments

[–]pedrotheterrorI have tried nothing and am all out of ideas 4 points5 points  (5 children)

With ASA, the secondary IP is always reachable, just like the primary IP.

[–]FastEthernetCCNA Security[S] 0 points1 point  (4 children)

Perhaps I'm not explaining correctly.

I have on ASA1 the management interface configured with and on ASA2 it's configured as whenever failover was configured and I'm consoled into ASA2 it seems as if the replication has changed the ip from to

[–]Black_Light 7 points8 points  (2 children)

Yes. This is normal. You need to configure your interface to have a standby IP. Don’t try to set a different config on the standby unit as it will just be overwritten by the primary.

Set your management interface on the primary like follows:

ip address standby

Your primary unit will be accessible from and your standby ASA will now be accessible from

[–]FastEthernetCCNA Security[S] 4 points5 points  (0 children)

Ah! I knew I was forgetting something. Perfect thanks. I needed the standby IP.

[–]Poulito 0 points1 point  (0 children)

It’s easy to confuse primary/secondary with active/standby. Wherever you have primary above, it should say Active. Primary/secondary role stays with the unit it was configured on, whether it is active or standby.

[–]Sl33ps 0 points1 point  (0 children)

Did yoy configure the ASA1 is stand by, and ASA2 is active? For the failover change.