cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19613
Views
0
Helpful
13
Replies

Active/Active and Active/Standby Failover

gnaveen
Level 1
Level 1

What are the advantages/disadvantages of configuring Active/Active vs Active/Standby Failover for Cisco ASA 5510?

Which one should be preferred over the other?

What's the Best Practice followed when configuring failover?

-NG

13 Replies 13

Jennifer Halim
Cisco Employee
Cisco Employee

Active/Standby failover works in both single mode or multiple context mode. It provides hot standby and replicates all the stateful information from active to standby firewall.

Active/Active failover only works in multiple context mode. Example: if you have 5 context, you can have 2 active on the primary firewall, and 3 active on the secondary firewall. When primary firewall fails, the 2 context who was active on the primary firewall will failover to the secondary firewall. After failover, the secondary firewall will have 5 active context.

Hope that helps.

We have Checkpoint Firewall and being new to Cisco ASA may I ask this question - what is a context mode?

Context is virtual firewall. So within 1 physical ASA firewall you can create multiple virtual firewalls.

Here is a sample configuration for multiple context that would help you to understand the concept better:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml

Hi Jennifer, please suggest that will the firewalls (ASA 5585) in Active/Standby failover with multiple context support SSL VPN. Because I had to know from somewhere that with Active/Active firewalls mode we cannot go with SSL VPN.

In order to run Active/Active you need to run "multiple contexts". When you enable "multiple mode" you lose certain functionality. Remote access VPN is one of them.

thanks for replying,

tell me one thing if i go for Active/Standby failover that works in both single mode or multiple context mode

so then  Remote Access VPN will work only in single mode or in both modes...

Remote access VPN only works in "single mode"

hi andre,

there is anyway to achieve load balancing with active/standby mode in ASA 5585... I am really worried about that , I have to do load balancing and remote access SSL VPN...

Hi. Unfortunately I don't think that's going to work. There is a VPN clustering feature in Version 9.0 but not for Firewall traffic.

Hello,

can someone share me the advantages and disadvantages of Active/Active and Active/Passive modes of ASA-5585... better if you a document..

thanks in advance

Hello,

can someone share me the advantages and disadvantages of Active/Active and Active/Passive modes of ASA-5585... better if you a document..

thanks in advanc

Thanks.

Hi Jennifer,

I was just following up on your response as I have a similar query about the active/active v active/standby licence on ASA5510 as both seem to be available (optional) with a Security Plus licence but Active/Active seems to be the default. How can this be changed to an Active/Standby setup because when I try to install Anyconnect licences it states that the failover will be disabled. We do not require multiple contexts so the Active/Standby setup would work fine.

 

Carl

Review Cisco Networking for a $25 gift card