asa active/standby ips

Unanswered Question
Jan 21st, 2008
User Badges:

If I have two asas in active/standby with ips in each, how does that work, do I need to assign separate ip addresses and then define each separately to MARS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jan.nielsen Mon, 01/21/2008 - 18:03
User Badges:
  • Gold, 750 points or more

Yes, both IPS modules are actually active, only thing is that the standby ASA doesn't forward any traffic to the module in that unit. So you need to define both modules ip adresses in MARS.

whanson Tue, 01/22/2008 - 06:19
User Badges:

Thanks Jan, one other question, I read that there is a performance inpact running ips inline. Do you have any experience on what that impact is...thx again

jan.nielsen Thu, 01/24/2008 - 06:19
User Badges:
  • Gold, 750 points or more

That depends on how much traffic you are sending to the module in your service-policy, the IPS module is not as fast as the ASA firewall, so you can experience an increase in latency, and also bandwidth will be limited by the IPS module. Check the datasheets for actual numbers.

Actions

This Discussion