Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
1
Replies

ASA Fail-Over Configuration

zekebashi
Level 4
Level 4

‎11-02-2017 02:30 PM - edited ‎02-21-2020 06:37 AM

Hello,

 

We have two ASA5585s physically connected for FO. Two interfaces have been used; one interface is used for the State Link and the second link is configured for the LAN FO. I've read in some documentation that the recommended configuration for FO is to connect the two ASAs through a switch or two switches.

 

I wanted to find out why it's better to connect the two ASAs via switch and not directly when configuring them for Fail-Over. Can someone explain to me the reasons why?

 

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

mikael.lahtela
Level 4
Level 4

‎11-02-2017 03:57 PM

Hi,

This might be the reason:
"If you do not use a switch between the units, if the interface fails, the link is brought down on both peers.
This condition may hamper troubleshooting efforts because you cannot easily determine which unit has the failed interface and caused the link to come down."

Page 2: https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-failover.pdf

br, Micke
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card