Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
3
Replies

PO for LAN failover and stateful failover link?

sandevsingh
Level 1
Level 1

‎08-19-2013 07:03 PM - edited ‎03-11-2019 07:27 PM

Hi.. We have 2 x ASA 5520s running ver 9.0. We plan to aggregate the 2 interfaces used for LAN failover and stateful failover into a lacp PO. So both the ASAs are connected to each other directly using these 2 interfaces and then we logically make it a one PO. We then assign the PO intface an ip. Is this supported?

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-19-2013 09:08 PM

You can use any unused interface (physical, redundant, or EtherChannel) as the failover link. (Source)

That said, It would be an uncommon implementation. I almost always see them on separate physical interfaces.

0 Helpful

Karsten Iwen
VIP
VIP
In response to Marvin Rhoads

‎08-19-2013 10:50 PM

yes, it might be uncommon, but it is recommended to reduce the probablility of split-brain scenarios (where both ASAs could become active in a worst case because of a failed FO-link). So, go for it!


Sent from Cisco Technical Support iPad App

0 Helpful

sandevsingh
Level 1
Level 1
In response to Karsten Iwen

‎08-20-2013 05:04 PM

Ok thnx folks... So should I use same Ips for LAN fo and stateful fo links or separate?
In other words, PO.10 can be for LAN fo and PO.11 for stateful fo , both different subnets. Or else it can be PO.10 for both sharing the same subnet?


Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card