ASA Failover Connection

Cody Ridge — Mon, 11 Mar 2019 20:10:48 GMT

Hello,

I have two ASA devices I am configuring for stateful, LAN based failover.

One of the gigabitethernet interfaces on each ASA will be used for failover

Both LAN failover data and stateful data streams will pass on the same gig interface

The ASA gig failover interfaces will be connected with a switch

I have read that it is best practice to use a switch as opposed to a crossover cable. However, this raises a couple of questions.

Should the switch ports support gigabit speed to match the ASA gigabit interfaces? Or is it fine for the switch ports to be FE?

What if the switch connecting the ASA failover interfaces fails?

Will each ASA assume the other ASA has failed since failover data cannot be sent?

Will each ASA attempt to become Primary Active?

Thank you,

Re: ASA Failover Connection

nileshrathi_18 — Tue, 22 Mar 2011 15:40:00 GMT

Hi Cody,

to be honest i am not an Security expert but will answer your questions from my experience.

It is not necessary to use gigabit switchports to connect the ASA. You can get them working by modifying the speed settings.

If the switch connecting the failover interfaces fails then each ASA will assume itself to be the active ASA while the active ASA is still active because it think that the active ASA is no longer reachable(because it assumes the active ASA to be dead)

Thats the reason if both the ASAs are located at the same colocation area, it is best to use a cross-over cable to connect them.

Hope these answer your questions. Please rate the solution if you find it helpful.

Regards,

Nilesh

topic ASA Failover Connection in Network Security

ASA Failover Connection

Re: ASA Failover Connection