Beginner

Active/Active and Active/Standby Failover

What are the advantages/disadvantages of configuring Active/Active vs Active/Standby Failover for Cisco ASA 5510?

Which one should be preferred over the other?

What's the Best Practice followed when configuring failover?

-NG

13 REPLIES
Cisco Employee

Active/Standby failover works in both single mode and multiple context mode. It provides hot standby and replicates all the stateful information from the active to the standby firewall.

Active/Active failover only works in multiple context mode. Example: if you have 5 contexts, you can have 2 active on the primary firewall and 3 active on the secondary firewall. When the primary firewall fails, the 2 contexts that were active on the primary firewall will fail over to the secondary firewall. After failover, the secondary firewall will have 5 active contexts.

Hope that helps.
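
The context split described in the reply above (2 contexts active on the primary unit, 3 on the secondary), sketched as an ASA system execution space configuration. This is an added example, not part of the original thread; the interface names, addresses, context names and file names are assumptions.

```cisco
! Constructed example: system execution space of the primary unit,
! already in multiple context mode. All names and addresses are placeholders,
! and the subinterfaces are assumed to be defined elsewhere in the system config.
failover lan unit primary
failover lan interface folink Ethernet0/3
failover interface ip folink 192.0.2.1 255.255.255.252 standby 192.0.2.2
!
! Group 1 prefers the primary unit, group 2 prefers the secondary unit.
failover group 1
 primary
 preempt
failover group 2
 secondary
 preempt
!
! Two contexts normally active on the primary unit.
context ctx1
 allocate-interface Ethernet0/0.101
 config-url disk0:/ctx1.cfg
 join-failover-group 1
context ctx2
 allocate-interface Ethernet0/0.102
 config-url disk0:/ctx2.cfg
 join-failover-group 1
!
! Three contexts normally active on the secondary unit.
context ctx3
 allocate-interface Ethernet0/1.103
 config-url disk0:/ctx3.cfg
 join-failover-group 2
context ctx4
 allocate-interface Ethernet0/1.104
 config-url disk0:/ctx4.cfg
 join-failover-group 2
context ctx5
 allocate-interface Ethernet0/1.105
 config-url disk0:/ctx5.cfg
 join-failover-group 2
!
! Enable failover last, once the groups and memberships are in place.
failover
```

If either unit fails, both failover groups become active on the surviving unit, so each unit has to be sized to carry all five contexts on its own.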

We have Checkpoint Firewall and being new to Cisco ASA may I ask this question - what is a context mode?

A context is a virtual firewall. So within 1 physical ASA firewall you can create multiple virtual firewalls.

Here is a sample configuration for multiple context that would help you to understand the concept better:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml

Hi Jennifer, please advise whether firewalls (ASA 5585) in Active/Standby failover with multiple contexts will support SSL VPN, because I came to know from somewhere that with Active/Active firewall mode we cannot go with SSL VPN.

In order to run Active/Active you need to run "multiple contexts". When you enable "multiple mode" you lose certain functionality. Remote access VPN is one of them.

Thanks for replying.

Tell me one thing: if I go for Active/Standby failover, which works in both single mode and multiple context mode, will Remote Access VPN then work only in single mode or in both modes?

Remote access VPN only works in "single mode".

Hi Andre,

Is there any way to achieve load balancing with active/standby mode in ASA 5585? I am really worried about that; I have to do load balancing and remote access SSL VPN.

Hi. Unfortunately I don't think that's going to work. There is a VPN clustering feature in Version 9.0 but not for Firewall traffic.

Hello,

Can someone share with me the advantages and disadvantages of Active/Active and Active/Passive modes of ASA-5585? Better if you have a document.

Thanks in advance.

Thanks.

Hi Jennifer,

I was just following up on your response, as I have a similar query about the active/active v active/standby licence on ASA5510: both seem to be available (optional) with a Security Plus licence, but Active/Active seems to be the default. How can this be changed to an Active/Standby setup? When I try to install AnyConnect licences it states that the failover will be disabled. We do not require multiple contexts, so the Active/Standby setup would work fine.

 

Carl
