Networking Forum powered by InfoSec Insitute

Hi;

In configuring Failover between two ASA 5500x series ASA, we assign different IPs to any interfaces on both ASA; for example, we assign 1.1.1.1 to inside interface on primary ASA and 1.1.1.2 to inside interface of standby ASA. so if the ASA is going to be default gateway, which of these IP addresses need to be set as clients default gateway? do we need to configure VRRP/HSRP on ASA as well as the failover for this?

regarding there is no any reply since posting the topic, I'm going to post the answer that I found by myself, thanks to the forum!!

I searched the Cisco support page and found the doc. we need to setup client's GW to point to the primary ASA. on failover, the standby ASA will assume the IP/MAC addresses of the primary, so no interruption will occur on the passing traffic. if primary ASA comes back, it will preempt the IP/MAC addresses again and this will be transparent to users. even we can setup virtual MAC on ASA devices. I'm going to put the link here for reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/ha-failover.html#ID-2107-000000a8