05-25-2019 05:59 PM
hi,
we have two independent/separate ASA 5520 8.2 (multiple/context mode) that i need to do failover/HA while waiting for its HW upgrade. both have same 8.2 code and the only difference i see are their RAM and security context license.
i just would like to confirm if these two will form failover.
ASA-1:
Cisco Adaptive Security Appliance Software Version 8.2(5) <system>
Device Manager Version 7.6(1)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ASA-1 up 317 days 21 hours
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 0007.7dad.00b6, irq 9
1: Ext: GigabitEthernet0/1 : address is 0007.7dad.00b7, irq 9
2: Ext: GigabitEthernet0/2 : address is 0007.7dad.00b8, irq 9
3: Ext: GigabitEthernet0/3 : address is 0007.7dad.00b9, irq 9
4: Ext: Management0/0 : address is 0007.7dad.00b5, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 20
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.
---
ASA-2:
Cisco Adaptive Security Appliance Software Version 8.2(5) <system>
Device Manager Version 7.6(1)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ASA-2 up 317 days 21 hours
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 0023.3353.9da6, irq 9
1: Ext: GigabitEthernet0/1 : address is 0023.3353.9da7, irq 9
2: Ext: GigabitEthernet0/2 : address is 0023.3353.9da8, irq 9
3: Ext: GigabitEthernet0/3 : address is 0023.3353.9da9, irq 9
4: Ext: Management0/0 : address is 0023.3353.9da5, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 10
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.
05-26-2019 01:01 AM
For ASA failover to form you must have both ASA boxes same RAM. In your case they won’t form the failover as RAM is different on both boxes.
here is the link.
05-26-2019 05:42 AM
Couple of things you need to note.:
You have old ASA code running which 8.2 ( suggest to upgrade to latest stable to get best out of performance)
if you decided to upgrade if you other box to test for your feature before you build ha.
if you still like to use same code for some reason, here is the guide for 8.2
basic rule of building HA - make sure HARDWARE / ASA CODE exactly need to identical.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: