ASA 5510 Active/Passive

Dear Guys,

Currently i'm configuring two ASA 5510 firewall for Active/Passive mode.

This is my first time configuring this so i have some concern.

I understand that we need to configure a IP address and a standby address on each interface

(Example: As below) Configure the same in both ASA5510

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.33.10.31 255.255.255.0 standby 10.33.10.30

interface Vlan2
 nameif outside
 security-level 0
 ip address 10.33.20.31 255.255.255.0 standby 10.33.20.30

My question is: what is the main purpose of the standby IP as the both firewall are having the same configuration. 

My concern: currently my core switch default route is route to 10.33.10.31 then what will happen if the 2nd firewall takes over will my users be able to go out to external sites ? Will the standby IP be the active IP on the 2nd firewall inside interface.

Appreciate all your advice

Many Thanks   

Comments

Sign In or Register to comment.