02-23-2011 12:47 AM - edited 03-11-2019 12:55 PM
Hey All,
I have a question in regards the fail over link between asa's
So, I know cisco suggest using a failover link as fast as your fastest link.
But if you have only 2 x 10gb, this seems like a waste of a 10gb.
What will happen if we use a 1gb link for a fail over link while we have the 2x 10gb link utilised for other data function? would state information be dropped ?
Kind Regards,
A
Solved! Go to Solution.
02-23-2011 10:28 AM
Hello,
Just to add on to what Andrew mentioned, you should be fine using a 1 Gbps interface for the failover and/or state link. The recommendation to use a failover link as fast as your fastest interface really only applies to the 5520-5550 platforms, as described here:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1077627
Hope that helps.
-Mike
02-23-2011 03:09 AM
AFAIK - no, only state information and other system info is really sent over the failover link. No traffic traverses it.
HTH>
02-23-2011 10:28 AM
Hello,
Just to add on to what Andrew mentioned, you should be fine using a 1 Gbps interface for the failover and/or state link. The recommendation to use a failover link as fast as your fastest interface really only applies to the 5520-5550 platforms, as described here:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1077627
Hope that helps.
-Mike
02-23-2011 06:07 PM
Fantastic thank you very much!
11-07-2013 09:08 AM
Further to above,
Two ASA 5585-X in two different locations with inside and outside using 10G in Active/Standby. The inside switches also have 10G, so can pass traffic between firewalls.
Thinking of putting statefull failover over a VLAN on the inside (10G)
and
Thinking or rather working out what 1G interfaces are available on ASA-5585-X SSP 20 to connect to the switch.
Any pointers to identify available ports (i have no hardware handy at present).
Also any thought on 1G port numbers on a SUP2T in the switch. Are the 3 x 1G ports all fibre based? What about ASA 1G ports (again no harware in hand to check SUP2T nor ASA 5585-X port details.)
any pointers to relevant docs for ASA and Supervisor would be appriciated.
SS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide