Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
4
Helpful
1
Replies

Can the ASA IPS module be setup for configuration replication?

MARK BAKER
Level 4
Level 4

‎12-16-2005 11:04 AM - edited ‎03-10-2019 01:48 AM

While setting up two ASAs with IPS modules in an Active/Standby configuration, we were configuring the IPS modules and couldn't find any information on setting up the IPS modules in failover between the two ASAs such as configuration replication.

Do we have to duplicate config. changes on both IPS modules?

Labels:
0 Helpful
1 Reply 1

gabelar
Level 1
Level 1

‎12-20-2005 01:57 PM

You can put the same configs in both IPS modules, but the IPS devices don't share state like the firewalls.

So in a failover condition IPS may lose state of open TCP flows and TCP will need to do a reset to correct the problem. This is generally only a problem if you have a long flow such as a FTP file transfer going on. From a user perspective in most cases, you don't even know that you failed over to the secondary IPS occurred. Engineering is currently looking at sharing stateful information between IPS devices.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card