Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1143
Views
0
Helpful
5
Replies

ASA clustering

Go to solution
Andrej Zverev
Level 1
Level 1

‎10-12-2014 01:31 AM - edited ‎03-11-2019 09:54 PM

Hello!

Can anyone explain is this list of switches are complete? For example 4500x or Nexus 3064 can do same(VSS/vPC), I think, but they are not listed.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/ha-cluster.html

See: Table 7-2 External Hardware and Software Support for ASA Clustering

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-12-2014 07:21 AM

The ones listed are the ones Cisco has tested and verified compatible. Other models may work fine but haven't necessarily been tested.

The Etherchannel / LACP mechanisms are pretty sensitive though for interoperability with an ASA cluster so proceed carefully when going outside the recommended switch types. I'd say especially so when working with a VSS- or VPC-enable downstream set of of switches.

You can always open a proactive TAC case to ask them to validate your configuration and check their internal knowledge base for possible concerns.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-12-2014 07:21 AM

The ones listed are the ones Cisco has tested and verified compatible. Other models may work fine but haven't necessarily been tested.

The Etherchannel / LACP mechanisms are pretty sensitive though for interoperability with an ASA cluster so proceed carefully when going outside the recommended switch types. I'd say especially so when working with a VSS- or VPC-enable downstream set of of switches.

You can always open a proactive TAC case to ask them to validate your configuration and check their internal knowledge base for possible concerns.

0 Helpful

Go to solution
Andrej Zverev
Level 1
Level 1
In response to Marvin Rhoads

‎10-12-2014 08:02 AM

Thank you! Will try asks details from TAC

0 Helpful

Go to solution
Andrej Zverev
Level 1
Level 1
In response to Andrej Zverev

‎02-03-2015 06:44 AM

Ok, I'm sharing some information after talking with cisco's guys.

 

You can use any switch, but switches from list are confirmed what they are doing proper traffic distribution, like if you have pair of ASA in cluster in this case a good switch can do almost 50/50 traffic distribution and bad switch can do 70/30 and in this case some of your ASA's can be overloaded.

That's all :-)

0 Helpful

Go to solution
startx001
Level 1
Level 1
In response to Marvin Rhoads

‎12-01-2014 03:35 AM

Hi Marvin , 

 

Can in configure cluster on ASA , if i have two 4948 on separate ASA ? 

4948 will in inside interfaces.

Topology is  in picture .

 

Is there any link where i can see difference between ASA cluster , and ASA Active/Active mode .

Regarding data flow , capacity etc 

 

I asume that Active/Active is capable only with two ASA , and ASA Cluster is capable up to 8 ASA .

 

KR

Preview file
44 KB
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to startx001

‎12-01-2014 06:50 AM

You could use separate 4948 switches in the one side if you setup the cluster in individual interface mode. However the Cisco recommendation is to use spanned Etherchannel which is only possible when the switches are in a stack, VSS or VPC configuration - all things the 4948 cannot do.

Active/Active term is generally used to refer to an HA mode that is only available in multiple context ASA configurations. The overall pair is active/active but a given context is always active/standby.

You might find the Cisco live presentation BRKSEC-3032 useful. Also listen to the TAC Security podcasts on ASA clustering.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card