Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1026
Views
5
Helpful
1
Replies

Dual Cisco ASA 5520 with SSM-10 Failover

mikedelafield
Level 1
Level 1

‎09-30-2011 08:04 AM - edited ‎03-10-2019 05:29 AM

Hi there.

I believe that when 2 ASA 5520's are configured for failover with a SSM-10 in each, that the SSM-10 does not automatically failover in the same way as the Firewall.

Can anyone confirm this? How does the failover process work?

Are there any good documents out there for this?

If this is the case then what do people consider to be the best practice for this kind of setup?

I hope you can give some advice.

Thanks.

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎10-03-2011 03:18 AM

Yes, you are correct.

Failover on ASA firewall is only on the ASA firewall itself, ie: all configuration synchronization, xlate table, state/session synchronization is only for the ASA itself.

The IPS SSM module will need to be manually configured on each module, have unique management ip address and signature update will need to be individually configured to update. No synchronization happens as far as the IPS SSM module is concern.

Because the traffic to be inspected by the AIP SSM module is configured on the ASA, when the ASA fails over, traffic will continue to be sent towards the AIP SSM module to be inspected. However, you just have to make sure that the AIP SSM module is configured on both.

Hope this answers your question.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card