I've just started configuring 2x new ASA5520's. They will be either in active/active, or active/passive failover. I'd like to have stateful failover.
A couple of questions:
What is the "management" interface for (other than the potential obvious) - I know traffic can't flow into that interface and out another interface, so is it ONLY meant for managing/configuring the units?
I know that I need a dedicated network between the 2 ASAs for the failover. Can I use the above-mentioned management interface for this, rather than one of the Gigabit interfaces?
Both devices have the AIP-SSM-10 module which ALSO has an interface on it. Is this just for administering the module?
Also, anyone who has a similar setup to me, tips, experiences and pointers gladly accepted.
Setup is pretty simple:
Redundant Ethernet internet connections coming through 2x 2801's
Web, mail, app servers & 2811's providing VPN connections in DMZ
Users behind ASA's
Software VPNs will be done directly to ASAs using IPSEC VPN Client - may look at SSL in future.
Migrating from single Pix 6.1