Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
0
Helpful
4
Replies

ASA at DR site

naresh.narang
Level 1
Level 1

‎09-03-2012 11:14 PM - edited ‎03-11-2019 04:49 PM

Hi there,

Any ideas on how to keep ASA at DR site in sync?

Thanks

Naresh

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
4 Replies 4

nkarthikeyan
Level 7
Level 7

‎09-04-2012 01:27 AM

Hi Naresh,

This depends on how you want to design your DC and DR centres.... Based on the infra what you have in DC and DR can answers your question. In most of the DC and DR setup we have 2 Pairs of ASA which is running in HA (Act/Stdby or Act/Act) failover mechanisms. Thats up to you how u want to have a design for your DC and DR.

I suggestyou to have the routing to be configured in such a way that if the DC firewalls goes down it should get routed to the DR firewalls which can take the traffic further. Else an another way is to have the HA between the DC and DR which is an another way. You can refer the below document which will have some brief overview about the datacentre setup and scenario's.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/design_guide_c22-624431.html

0 Helpful

naresh.narang
Level 1
Level 1
In response to nkarthikeyan

‎09-04-2012 06:49 AM

Hi there,

   Thanks for the response. Sorry I should have been more clear. I do have redundancy of hardware. As DR site is in a geographically separate location, when I make changes to the primary site, is there a way to sync ASA at DR site? Currently I have to make changes manually.

Thanks

--Naresh

0 Helpful

Karsten Iwen
VIP
VIP
In response to naresh.narang

‎09-04-2012 06:54 AM

The Cisco Security Manager (CSM) as an enterprise management system could help you to keep your configs in sync for your changes.

http://www.cisco.com/en/US/partner/products/ps6498/index.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

naresh.narang
Level 1
Level 1

‎09-20-2012 01:24 PM

Thanks, anyway I can avoid using CSM and still be able to do it?

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card