Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
813
Views
0
Helpful
3
Replies

ASA CX failover

Go to solution
battanc
Level 1
Level 1

‎07-18-2014 12:18 AM - edited ‎03-11-2019 09:29 PM

We have a Pair of ASA 5515-X in active/passive failover, each with CX module.

While the ASAs remain aligned to any changes in the configuration, it is not so for the CX module - that seems to be totally independent from each other and need to be configurate separately.

We spent a lot of time trying to solve this problem, but without finding the solution:

Is there a way to maintain the same configuration between the CXs, without using the Prism Security Manager? 
It is obvious that I can not propose to a customer who purchases a pair of ASAs, also to set up a virtual appliance and buy a license.

 

Best regards,

Claudio

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-19-2014 08:21 AM

PRSM in multi-device mode ("off-box") is the only way to maintain automatic synchronization between a pair of CX modules installed in an HA pair of ASAs.

Without that you have to make the same changes manually in each ASA's CX module via PRSM on-box (single device mode).

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-19-2014 08:21 AM

PRSM in multi-device mode ("off-box") is the only way to maintain automatic synchronization between a pair of CX modules installed in an HA pair of ASAs.

Without that you have to make the same changes manually in each ASA's CX module via PRSM on-box (single device mode).

0 Helpful

Go to solution
battanc
Level 1
Level 1
In response to Marvin Rhoads

‎07-21-2014 05:33 AM

Thanks for the answer.


I find this choice of Cisco really mad.
I understand that Cisco wants to "force" a customer to buy PRSM off-box, but the only result is that I can no longer propose a failover pair of ASA-CX to a Customer, because the total quote is out of market.

And then I will use products of other brands.

 

Best regards

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to battanc

‎07-21-2014 03:38 PM

I wouldn't be surprised to see this particular behavior change in future releases. Your complaint is shared by many customers and partners - both large and small.

Overall, the CX and PRSM feels a bit "rushed to market". Have a look at the release notes and the astonishing amount of bugs being addressed in the very small incremental point releases.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card