I would like to set up two Cisco ASA firewalls in a failover configuration. However, my ISP gives me a single address and Ethernet port on their CPE device. I am assuming that I would then need to put some sort of network HUB (not a switch) between the CPE device and the two ASA firewalls. Is this correct? (That way, the standby could 'steal' the IP, and the CPE device would be none the wiser, and my tunnels and connections could just keep on humming.)
Also, searching the internet for network hubs is returning all sorts of consumer grade crap. I know that we don't do product recommendations, but is there a terminology for the equipment that would get me something a little more enterprise grade? (i.e., I would want dual power supplies, rack mounting, etc.)
Actually, a switch should work fine.
When a failover occurs, the ASA will send gratuitous ARP to take over the virtual MAC address on the interface; as long as the switch doesn't have a problem with this, traffic will start being sent to the newly-active ASA's port immediately.
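
The mechanism the answer describes, modeled as an added example that is not part of the original answer and is not Cisco or switch-vendor code: a learning switch re-points a MAC address to a new port as soon as a gratuitous ARP with that source MAC arrives there. The MAC addresses, the documentation-range IP, the port numbers and the `LearningSwitch` class are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6

def build_garp(mac: bytes, ip: bytes) -> bytes:
    """Ethernet II + ARP request whose sender IP equals its target IP."""
    eth = BROADCAST + mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac + ip + b"\x00" * 6 + ip
    return eth + arp

def is_gratuitous_arp(frame: bytes) -> bool:
    """True for an ARP frame announcing its own address (sender IP == target IP)."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return False
    return frame[28:32] == frame[38:42]

class LearningSwitch:
    """Simplified transparent bridge: learn source MAC per port, forward by destination."""
    def __init__(self):
        self.cam = {}     # MAC -> port it was last seen on
        self.moves = []   # (mac, old_port, new_port) each time a MAC changes port

    def receive(self, port: int, frame: bytes):
        dst, src = frame[0:6], frame[6:12]
        old = self.cam.get(src)
        if old is not None and old != port:
            self.moves.append((src, old, port))
        self.cam[src] = port
        # Egress port for unicast; None means flood (broadcast or unknown MAC)
        return None if dst == BROADCAST else self.cam.get(dst)

def simulate_failover():
    # Constructed sample values, not taken from any real device
    shared_mac = bytes.fromhex("02005e000101")   # MAC used by whichever ASA is active
    shared_ip = bytes([192, 0, 2, 10])           # the single ISP-assigned address
    cpe_mac = bytes.fromhex("02005e0000fe")
    cpe_port, asa1_port, asa2_port = 1, 2, 3

    sw = LearningSwitch()
    sw.receive(asa1_port, build_garp(shared_mac, shared_ip))   # ASA 1 is active
    inbound = shared_mac + cpe_mac + b"\x08\x00" + b"payload"  # CPE -> firewall
    before = sw.receive(cpe_port, inbound)

    garp = build_garp(shared_mac, shared_ip)                   # failover: ASA 2 announces
    sw.receive(asa2_port, garp)
    after = sw.receive(cpe_port, inbound)
    return before, after, sw.moves, is_gratuitous_arp(garp)

if __name__ == "__main__":
    print(simulate_failover())
```

The entry recorded in `moves` is the same event that a switch feature pinning a MAC address to one port, such as port security, would treat as a violation.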