ASA 5510 Active/Passive

Dear Guys,

Currently i'm configuring two ASA 5510 firewall for Active/Passive mode.

This is my first time configuring this so i have some concern.

I understand that we need to configure a IP address and a standby address on each interface

(Example: As below) Configure the same in both ASA5510

interface Vlan1
 nameif inside
 security-level 100
 ip address standby

interface Vlan2
 nameif outside
 security-level 0
 ip address standby

My question is: what is the main purpose of the standby IP as the both firewall are having the same configuration. 

My concern: currently my core switch default route is route to then what will happen if the 2nd firewall takes over will my users be able to go out to external sites ? Will the standby IP be the active IP on the 2nd firewall inside interface.

Appreciate all your advice

Many Thanks   


Sign In or Register to comment.