cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


207
Views
0
Helpful
3
Replies
Beginner

ASA CX failover

We have a Pair of ASA 5515-X in active/passive failover, each with CX module.

While the ASAs remain aligned to any changes in the configuration, it is not so for the CX module - that seems to be totally independent from each other and need to be configurate separately.

We spent a lot of time trying to solve this problem, but without finding the solution:

Is there a way to maintain the same configuration between the CXs, without using the Prism Security Manager? 
It is obvious that I can not propose to a customer who purchases a pair of ASAs, also to set up a virtual appliance and buy a license.

 

Best regards,

Claudio

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

PRSM in multi-device mode (

PRSM in multi-device mode ("off-box") is the only way to maintain automatic synchronization between a pair of CX modules installed in an HA pair of ASAs.

Without that you have to make the same changes manually in each ASA's CX module via PRSM on-box (single device mode).

3 REPLIES 3
Hall of Fame Master

PRSM in multi-device mode (

PRSM in multi-device mode ("off-box") is the only way to maintain automatic synchronization between a pair of CX modules installed in an HA pair of ASAs.

Without that you have to make the same changes manually in each ASA's CX module via PRSM on-box (single device mode).

Highlighted
Beginner

Thanks for the answer.I find

Thanks for the answer.


I find this choice of Cisco really mad.
I understand that Cisco wants to "force" a customer to buy PRSM off-box, but the only result is that I can no longer propose a failover pair of ASA-CX to a Customer, because the total quote is out of market.

And then I will use products of other brands.

 

Best regards

Hall of Fame Master

I wouldn't be surprised to

I wouldn't be surprised to see this particular behavior change in future releases. Your complaint is shared by many customers and partners - both large and small.

Overall, the CX and PRSM feels a bit "rushed to market". Have a look at the release notes and the astonishing amount of bugs being addressed in the very small incremental point releases.