Solved: VSS and ASA service module

Julio Coral Orbes · ‎03-11-2013

Hi Support Community

we are planning to implement a VSS solution with a 6500 series switches with sup 2T. We also need to include an ASA service module on the design, however the budget is not enough to buy two asa service modules. So i want to know if is possible run a VSS cluster, whit only one ASA service Module.

and also i would like know what happens if the single ASA service module fails? can the switch cluster continue operating just as if there is not a firewall installed??

Many thanks in advance..

Reza Sharifi · ‎03-11-2013

Hi,

Yes, you can only use one ASA, but if the switch that contains the FW module fails, you will also loose the FW.

You would need to remove the ASA physically out of one switch and put it in the other one. I know the budget is an issue here, but it is recommend to deploy 2 ASAs.

and also i would like know what happens if the single ASA service module fails? can the switch cluster continue operating just as if there is not a firewall installed??

Yes, the module failure is not going to effect the VSS.

HTH

View solution in original post

Reza Sharifi · ‎03-11-2013

Hi,

Yes, you can only use one ASA, but if the switch that contains the FW module fails, you will also loose the FW.

You would need to remove the ASA physically out of one switch and put it in the other one. I know the budget is an issue here, but it is recommend to deploy 2 ASAs.

and also i would like know what happens if the single ASA service module fails? can the switch cluster continue operating just as if there is not a firewall installed??

Yes, the module failure is not going to effect the VSS.

HTH