Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
9
Helpful
3
Replies

ASA: Managment Port for Failover Interface?

chrisbicm
Level 1
Level 1

‎06-09-2006 10:17 AM - edited ‎02-21-2020 12:57 AM

Hello,

I am about to set up 2 ASA 5520s in an Active/Passive configuration. I have read online that the managment port can be used for the failover interface but also that it operates at 100Mb instead of 1Gb... I figure that the 100Mb should be more then enough to pass the statefull/failover information but I wanted to know for sure... .if anyone has used their managment port for their failover, or has any reason why its not a good idea please reply.

Thanks a lot,

Chris

0 Helpful
3 Replies 3

sean
Level 3
Level 3

‎06-09-2006 10:33 AM

By default the management ports will not pass traffic. I would just use the normal ports unless there is a need not to (as you can still create subinterfaces on the devices). Also, if you are trying to implement statefull failover, and the other interfaces are using more than 100Mbps., you have to have a gig on the statefull to keep up with the connections and info. Hope this helps.

chrisbicm
Level 1
Level 1
In response to sean

‎06-09-2006 10:55 AM

Sean,

The main problem on our end is that we need 5 physical interfaces for out current setup.... if we want to stay completely redundant on our end. If we were to sub-interface a 1Gb interface.... does that technically create 2 500Mb interfaces... because there are times when I know that the interface that we would need to sub-int would be receiving more then that for each sub-int. Sorry its a bit of a confusing post... I hope you know what I mean by this

Thanks,

Chris

0 Helpful

a.kiprawih
Level 7
Level 7
In response to chrisbicm

‎06-09-2006 12:40 PM

Hi Chris,

Sean is right for the recommended use of GE interface for stateful link instead of management port.

Cisco recommend any PIX/ASA to use bigger capacity interface to channel failover traffic between firewalls. This will ensure fast data/info transfer or replication processes to the other side.

I think creating sub-interface (for trunk & vlan support) will at least gives you better option as theoritically, each sub-interface are getting 500Mbps link which is better than 100Mbps.

Rgds,

AK

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card