[c-nsp] active/standy failover

[Ramcharan, Vijay A]

As mentioned below, the ASA does not have a dedicated serial failover
port as does the PIX. You use the Ethernet port(s) on the ASA for
LAN-based failover/stateful duties.

Ensure that your failover/stateful port(s) is/are "at least" the same
capacity/speed as that of any production interfaces. 
The reference about running the failover link over a switch is mentioned
in the link below but to the best of my knowledge, connecting the ports
directly together works fine as well. 

For more information: 
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configura
tion_example09186a00807dac5f.shtml 

Vijay Ramcharan  
 


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Jeff Kell
> Sent: Friday, January 28, 2011 3:56 PM
> To: Nick Hilliard
> Cc: Cisco Network Service Providers
> Subject: Re: [c-nsp] active/standy failover
> 
> On 1/28/2011 3:40 PM, Nick Hilliard wrote:
> > you need two ports, one to signal failover, and the other to
transmit the
> firewall state.
> 
> You can run ASA LAN failover over one (or configure them separately).
I
> remember
> reading (or think I did) somewhere that it was preferable to run this
> failover link
> through a switch as opposed to a crossover cable, but I can't cite a
> reference.
> 
> Old PIX used to have this serial-cable heartbeat and
LAN-connection-state
> combination.
> 
> We're running ASAs active/active over a common failover link.
> 
> Jeff
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/