09-03-2012 11:14 PM - edited 03-11-2019 04:49 PM
Hi there,
Any ideas on how to keep ASA at DR site in sync?
Thanks
Naresh
Sent from Cisco Technical Support iPhone App
09-04-2012 01:27 AM
Hi Naresh,
This depends on how you want to design your DC and DR centres.... Based on the infra what you have in DC and DR can answers your question. In most of the DC and DR setup we have 2 Pairs of ASA which is running in HA (Act/Stdby or Act/Act) failover mechanisms. Thats up to you how u want to have a design for your DC and DR.
I suggestyou to have the routing to be configured in such a way that if the DC firewalls goes down it should get routed to the DR firewalls which can take the traffic further. Else an another way is to have the HA between the DC and DR which is an another way. You can refer the below document which will have some brief overview about the datacentre setup and scenario's.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/design_guide_c22-624431.html
09-04-2012 06:49 AM
Hi there,
Thanks for the response. Sorry I should have been more clear. I do have redundancy of hardware. As DR site is in a geographically separate location, when I make changes to the primary site, is there a way to sync ASA at DR site? Currently I have to make changes manually.
Thanks
--Naresh
09-04-2012 06:54 AM
The Cisco Security Manager (CSM) as an enterprise management system could help you to keep your configs in sync for your changes.
http://www.cisco.com/en/US/partner/products/ps6498/index.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-20-2012 01:24 PM
Thanks, anyway I can avoid using CSM and still be able to do it?
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide