Solved: asa with ips high availability configuration

Meuserid1979 · ‎01-08-2018

Hi experts,

how the high availability configuration between 2xasa with IPS modules? is it same as configuring normal 2xasa ?any special config needed? not sure yet how the 2 ips works after HA configuration. pls direct me to helpful docu . thanks in advance

chris

Ajay Saini · ‎01-09-2018

Hello Chris,

I wil try to provide you initial insight how it works. There is no specific doc, but let me know if there are any queries after reading my post:

ASA HA config with and without IPS basically remains the same. There is no additional config needed on ASA. We just need to make sure that IPS module should be present in both ASA. Also, the IPS config needs to be individually for both IPS, it does not sync unlike ASA config.

On the ASA backplane, IPS is monitored under failover. So, if the IPS fails, ASA will failover.

Below link talks about how ASA tracks the IPS interface:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200944-Disable-Service-Module-Monitoring-on-ASA.html#anc7

-HTH

AJ

View solution in original post

Ajay Saini · ‎01-09-2018

Hello Chris,

I wil try to provide you initial insight how it works. There is no specific doc, but let me know if there are any queries after reading my post:

ASA HA config with and without IPS basically remains the same. There is no additional config needed on ASA. We just need to make sure that IPS module should be present in both ASA. Also, the IPS config needs to be individually for both IPS, it does not sync unlike ASA config.

On the ASA backplane, IPS is monitored under failover. So, if the IPS fails, ASA will failover.

Below link talks about how ASA tracks the IPS interface:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200944-Disable-Service-Module-Monitoring-on-ASA.html#anc7

-HTH

AJ

Meuserid1979 · ‎01-11-2018

Hi AJ,

thanks a lot for the info. appreciate it.

regards,

Chris