cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
321
Views
0
Helpful
1
Replies

ASA 5505 Wan Failover

netbin2009
Beginner
Beginner

Hi!

I would like to know how the failover works. I would like this setup.

One interface with wired attached ISP and One interface with 4G(umts) Router.

What license do i need to get this to work?

Normally interface to my isp never goes down but some other issues happens further down the lane (DNS, Core router, aso). How does the ASA know when the failover should happen when the interface never goes down?

Regards,

Mattias

1 Reply 1

Marius Gunnerud
VIP Advisor VIP Advisor
VIP Advisor
What license do i need to get this to work?

You will need a security plus license to configure failover on the 5505.  Keep in mind that stateful failover is not supported on the 5505.

Normally interface to my isp never goes down but some other issues  happens further down the lane (DNS, Core router, aso). How does the ASA  know when the failover should happen when the interface never goes down?

You will need a dedicated failover link between the ASAs.  This can be in the form of a dedicated physical interface or a subinterface (though the dedicated physical interface is Cisco best practice.)  The failover link carries hello messages between the ASAs. When the standby ASA stops to recieve hello messages over the failover link, it will send 3 hello packets out the monitored interfaces to make sure that the other ASA is dead and not just the link between the ASAs has failed.  If the ASA does not receive a reply from these three packets it will assume that the Active ASA has died and takes over the roll as the Active ASA.

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers