cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3460
Views
5
Helpful
4
Replies
Highlighted

Fail over link ASA 5585-x

Hey All,

I have a question in regards the fail over link between asa's

So, I know cisco suggest using a failover link as fast as your fastest link.

But if you have only 2 x 10gb, this seems like a waste of a 10gb.

What will happen if we use a 1gb link for a fail over link while we have the 2x 10gb link utilised for other data function? would state information be dropped ?

Kind Regards,

A

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Fail over link ASA 5585-x

Hello,

Just to add on to what Andrew mentioned, you should be fine using a 1 Gbps interface for the failover and/or state link. The recommendation to use a failover link as fast as your fastest interface really only applies to the 5520-5550 platforms, as described here:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1077627

Hope that helps.

-Mike

View solution in original post

4 REPLIES 4
Highlighted
Advocate

Re: Fail over link ASA 5585-x

AFAIK - no, only state information and other system info is really sent over the failover link.  No traffic traverses it.

HTH>

Highlighted
Cisco Employee

Re: Fail over link ASA 5585-x

Hello,

Just to add on to what Andrew mentioned, you should be fine using a 1 Gbps interface for the failover and/or state link. The recommendation to use a failover link as fast as your fastest interface really only applies to the 5520-5550 platforms, as described here:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1077627

Hope that helps.

-Mike

View solution in original post

Highlighted

Re: Fail over link ASA 5585-x

Fantastic thank you very much!

Highlighted
Beginner

Re: Fail over link ASA 5585-x

Further to above,

Two ASA 5585-X in two different locations with inside and outside using 10G in Active/Standby. The inside switches also have 10G, so can pass traffic between firewalls.

Thinking of putting statefull failover over a VLAN on the inside (10G)

and

Thinking or rather working out what 1G interfaces are available on ASA-5585-X SSP 20 to connect to the switch.

Any pointers to identify available ports (i have no hardware handy at present).

Also any thought on 1G port numbers on a SUP2T in the switch. Are the 3 x 1G ports all fibre based? What about ASA 1G ports (again no harware in hand to check SUP2T nor ASA 5585-X port details.)

any pointers to relevant docs for ASA and Supervisor would be appriciated.

SS