Monday, May 21, 2018

Bind IP to hardware box in ASA active/standby cluster

Hi all,

In an active/passive ASA cluster you have a primary unit and a secondary unit - let's call this a role. Each unit also has a state, which is either active or standby. When you define the IP on an interface the syntax is: "ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2". This means that the IP address is bound to the state, not the role of the interface. I've always found this confusing; when doing a failover you can end up on the other box without even realizing it.

Is there any possibility to bind one of the interfaces to the actual hardware box, such that in the case of a failover, when the states of the boxes change, the address remains bound to the same hardware?

I would be tempted to say that if I just enter "ip address 192.168.1.1 255.255.255.0" without the standby part, then this would work, but then the ASA will replicate this to the standby unit and I will end up with a duplicate IP situation, I suppose.

To summarize - supposing I have an active/standby ASA cluster with one box in datacenter A and one box in datacenter B, can I configure an IP address in such a way that it will always take me to the box in datacenter A, regardless of the state of that box at that time?

Is this possible in multiple context mode?

Otherwise I guess the only way to achieve what I want is via a console router, or worse, going into the DC and putting a console cable into the ASA.

Regards,

Paul


