[c-nsp] ASA 5500 Appliance - HTTPs stateful failover replication

Juan Angel Menendez jmenendez at mecon.gov.ar
Tue Apr 17 13:30:03 EDT 2007



         Hello list,

         Reading the ASA Software version 7.2 
documentation, I found that, among other things, 
HTTP stateful replication is provided.

         Does this include HTTPs (443) replication for WebVPN ?

         Ie: (SSL Browser) -> ASA -> HTTPs -> SSL WebServer

         If not, do you know if it's going to be 
supported and the approximate date?

         Thanks for your time

[snip]


Stateful Failover

When Stateful Failover is enabled, the active 
unit continually passes per-connection state 
information to the standby unit. After a failover 
occurs, the same connection information is 
available at the new active unit. Supported 
end-user applications are not required to 
reconnect to keep the same communication session.

The state information passed to the standby unit includes the following:

• NAT translation table.
• TCP connection states.
• UDP connection states.
• The ARP table.
• The Layer 2 bridge table (when running in transparent firewall mode).
• The HTTP connection states (if HTTP replication is enabled).
• The ISAKMP and IPSec SA table.
• GTP PDP connection database.

The information that is not passed to the standby 
unit when Stateful Failover is enabled includes the following:

• The HTTP connection table (unless HTTP replication is enabled).
• The user authentication (uauth) table.
• The routing tables.
• State information for Security Service Modules.
• DHCP server address leases.
• L2TP over IPSec state information.

[snip]

Regards,
Juan 

