Solved: Switch between Cisco ASA for failover

network_user · ‎10-11-2011

Hello,

I see Cisco recommends that you should connect a dedicated switch between two ASAs for configuring LAN failover and stateful failover, instead of connecting a cable directly between the two ASAs. Does someone know what is the advantage of putting a switch in between them??

Thank you.

Jon Marshall · ‎10-11-2011

The main advantage is that if you use a direct cable and one of the failover interfaces fails then the other interface on the other firewall goes down as well so it can make troubleshooting difficult.

If you use a switch and one interface fails the other is still up because it is connected to the switch.

It does not necessarily have to be a dedicated switch in terms of only using that switch for the failover link, as long as the switch you use is not overutilised and is not heavily oversubscribed.

Jon

View solution in original post

Jon Marshall · ‎10-11-2011

The main advantage is that if you use a direct cable and one of the failover interfaces fails then the other interface on the other firewall goes down as well so it can make troubleshooting difficult.

If you use a switch and one interface fails the other is still up because it is connected to the switch.

It does not necessarily have to be a dedicated switch in terms of only using that switch for the failover link, as long as the switch you use is not overutilised and is not heavily oversubscribed.

Jon

network_user · ‎10-12-2011

Thanks Jon!