Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
5
Helpful
4
Replies

ASA5250 - Failover Interface

Robert Ho
Level 1
Level 1

‎01-28-2009 05:35 PM - edited ‎03-09-2019 09:59 PM

hey all, we have dual ASA5520 setup for failover on a dedicated interface (directly connected with a straight cable).

they will need to be located on two separate parts of the network temporarily. any way we can use a dedicated vlan to allow the failover interfaces to communicate?

i know it is not recommended but will only be temporary.

thanks

-robert

Labels:
0 Helpful
4 Replies 4

eddie.mitchell
Level 3
Level 3

‎01-28-2009 06:15 PM

Robert,

A dedicated VLAN should work fine. This Cisco document references using dedicated VLAN's for LAN based failover:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml#lanbasedfailover

Hope this helps.

Best Regards,

Eddie

0 Helpful

Robert Ho
Level 1
Level 1
In response to eddie.mitchell

‎01-28-2009 07:03 PM

It looks like the switch connected to the failover interfaces is used only for that purpose. In our setup, the failover will be interconnected through several switches in our core but only on one vlan.

0 Helpful

eddie.mitchell
Level 3
Level 3
In response to Robert Ho

‎01-28-2009 07:29 PM

As long as the VLAN is dedicated for failover traffic only, I think you should be fine.

The only other issue in your case that I can possibly think of would be the potential for increased latency by having the failover communication traversing several physical switches to reach the other unit.

According to the PIX/ASA v7.0 command reference, "For optimum performance when using long distance LAN failover, the latency for the failover link should be less than 10 milliseconds and no more than 250 milliseconds. If latency is more than 10 milliseconds, some performance degradation occurs due to retransmission of failover messages."

I don't think it should be an issue, but you never know. ;)

ho.robert
Level 1
Level 1
In response to eddie.mitchell

‎01-28-2009 08:51 PM

nice, thanks a lot!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents