Is this the "traditional"

keyser.soze1 · ‎02-21-2016

Can anyone knows what could be the reason of high ping latency, when I am pinging the ISP next hop router through cluster of ASAs and my inside interface on a cluster of cisco ASAs?

When I leave one unit in a cluster of ASAs, ping is 1ms, when both units are active this ping is from 5 to 25 ms. And somethimes "request time out".

Topology is: ISP router---cluster of two ASAs 5525-x ---- inside switch----host

Philip D'Ath · ‎02-21-2016

Is this the "traditional" failover cluster configuration (aa opposed to VPN)?

Is this a state full or stateless failover cluster?

When you have them in a cluster, and you fail it over, does it change the ping time?

keyser.soze1 · ‎02-26-2016

It is the tradicional failover cluster configuration. Here is the configuration link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_cluster.pdf

Statefull and stateless failover links are terminology with failover. This is cluster. Here I have only Cluster Control Link (CCL) between ASA-s, and I port channel them into 2 Gb throughput.

When I turn off one ASA, and second takes all the traffic, ping is normal.

When I boot up second ASA, after 10 minutes ping latency go high.

Does it have something with load balancing on port channels defined between ASA-s and inside switch?

Philip D'Ath · ‎02-28-2016

I've never tried ASA clustering, only failover, so I am not sure.

I would think if the port channel config was wrong you would be packet loss, rather than latency issues.

What software version are you running?

Problem with high ping latency on cluster of ASAs