05-29-2019 07:04 AM
Referring to the ASA v9.12 CLI Guide section on Active/Active HA, quoted below:
If you want Active/Active failover, but are otherwise uninterested in multiple contexts, the simplest configuration would be to add one additional context and assign it to failover group 2.
Say I need Active/Active HA with a pair of ASA 5525-X but do not plan to use multiple security contexts. I have the admin context as the only security context inspecting and forwarding data. I set failover group 1 with ASA#1 as the active unit. Following the quoted statement above, I create a dummy context and join it to failover group 2 with ASA#2 as the active unit. So now wouldn't ASA#1 be active and ASA#2 be standby for failover group 1, as if it were active/standby HA? Or have I misunderstood, and there is no such concept as standby anymore with ASA Active/Active HA in multi-context mode?
05-29-2019 07:44 AM
I think I understand what you are asking.
In an active/active setup there is still an active/standby situation for each failover group. The active/active is basically saying both firewalls can pass traffic, but for different failover groups at any one time. In a typical active/standby without contexts, one firewall will be passing traffic.
Active/Active does not mean there is no standby as such.
05-29-2019 08:34 AM
That's what I thought, but it is not what that quoted paragraph said in my post...
05-29-2019 12:20 PM
Active / Active is always multi context.
05-29-2019 01:13 PM
I think the confusion is because active/active cannot work for the same context, so if you are just using one context you cannot have active/active failover for it; it is just active/standby.
I agree the paragraph is misleading because it seems to be saying that if you don't want multiple contexts, here is a way to have active/active failover, but it isn't, because you have to have multiple contexts.
It is in effect a circular argument and is there because, in my opinion, active/active is a misleading term; it is really active/standby per context with the ability to have each firewall active for a subset of the contexts.
But that doesn't sound as good in marketing terms :)
Jon
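The layout discussed in this thread, as an added example (not part of any post above and not copied from the Cisco guide): a system-execution-space fragment for the primary unit in multiple context mode, with the admin context in failover group 1 and a placeholder context in failover group 2. The context name `dummy`, the interface names, the failover link addressing and the config-url paths are assumptions chosen for illustration.

```cisco
! Added example. Assumes both ASAs are already in multiple context mode
! (mode multiple). Interface names and addresses below are constructed.
!
! Failover link between the two units (assumed interface and subnet)
failover lan unit primary
failover lan interface folink GigabitEthernet0/3
failover interface ip folink 10.0.0.1 255.255.255.252 standby 10.0.0.2
!
! Group 1 prefers the primary unit (ASA#1), group 2 prefers the
! secondary unit (ASA#2). Each group is active on exactly one unit
! at a time and standby on the other.
failover group 1
  primary
  preempt
failover group 2
  secondary
  preempt
!
failover
!
admin-context admin
!
! The only context that inspects and forwards data: active on ASA#1,
! standby on ASA#2, the same as plain active/standby for this traffic.
context admin
  allocate-interface GigabitEthernet0/0
  allocate-interface GigabitEthernet0/1
  config-url disk0:/admin.cfg
  join-failover-group 1
!
! Placeholder context (hypothetical name): active on ASA#2. With no
! data interfaces allocated, ASA#2 forwards no production traffic.
context dummy
  config-url disk0:/dummy.cfg
  join-failover-group 2
```

With this layout `show failover` reports a state per group on each unit, so standby still exists; it is tracked per failover group rather than per chassis.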
06-17-2019 08:22 AM
We are on the same page...:)