ASA 5585-X SSP-10 Dual Mode

iamloki9591 · ‎12-12-2023

Hi Guys,

Does ASA 5585 support dual mode? I'm planning to install 2x 5585-X SSP-10 in a single chassis?
Both SSPs are running the below version:

Cisco ASA Version: 9.8(4)
Firepower OS: 2.2(2.119)
Device Manager Ver: 6.4.(9)

I'm trying to run these 2 SSPs in the HA setup. Currently, the Top SSP cannot see the bottom SSP, and vice versa.

tvotna · ‎12-14-2023

Failover is supported in dual firewall mode, but you need proper cabling between modules. They should be connected with external failover link.

If this doesn't work, you'll probably need to open a TAC case.

iamloki9591 · ‎12-14-2023

Hi tvotna,

How do you enable dual firewall mode, while both the firewall are in a single chassis. Can I just use a CAT cable for failover link between the 2 firewalls?

tvotna · ‎12-14-2023

Sup modules are completely independent from each other with their own console port, interfaces and ASA OS. You can use crossover cable to connect failover link between them.

Marvin Rhoads · ‎12-14-2023

The ASA 5585-X (and all hardware modules) was end of sales over 5 years ago and is now fully end of life:

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-c51-740021.html

That said, you can add a second core SSP following this procedure:

https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5585guide/5585Xhw/procedures.html

I've never seen a second core SSP used in the real world though - only a second SSP with IPS or Firepower persona.