Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
741
Views
0
Helpful
2
Replies

ASA-X High Availability

robward
Level 1
Level 1

‎07-12-2012 08:23 AM - edited ‎03-11-2019 04:30 PM

Hi, a colleague tells me the new ASA range can support Active/Active failover where you can have both devices in a pair passing traffic through the same context.

This seems quite a radical advancement so I just wanted to make sure this is correct before making any design assumptions based on this?

I can't see how this would work unless a way has been found to make state tables keep up with asymetric routing.

My previous understanding of Active/Active was that both devices could be passing traffic but through different contexts with the contexts in an Active/Standby type mode.

Thanks

Rob

Labels:
0 Helpful
2 Replies 2

sean_evershed
Level 7
Level 7

‎07-13-2012 03:20 AM

Hi,

See the link below for details on the Active/Active feature of the ASA 5585X

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/design_guide_c22-624431.htm

See also the config guide for Active/Active for 8.4

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_active_active.html#wp1080046

It goes onto to explain how to configure support for asymetrically routed packets using an asr-group.

Don't forget to rate posts that are helpful.

Cheers

Sean

0 Helpful

Karsten Iwen
VIP
VIP

‎07-13-2012 05:35 AM

Active/Active is quite old and works with asymetric traffic as Sean has pointed out. Could it be that your colleague was talking of the upcoming clustering which will be available in ASA v9?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card