any actual problem with using xover for lan based failover?

slug420 · ‎04-30-2009

Has anyone had any actual problem as a result of using a crossover cable for LAN based failover between ASAs?

The documentation "recommends" that you do not use a xover but rather than you go through a switch but this seems like a bunch of unnecessary hassle.

Your thoughts?

mvsheik123 · ‎04-30-2009

Hi,

We have 2 pairs of ASAs using Xover cables for failover. We even experiences a failover with no issues.Do not see a specific reason to use switch.

hth

MS

srue · ‎05-01-2009

Its better to use a switch because if one firewall goes down, so does the failover interface on the active firewall, when using the x/over cable. That's not to say it won't work with the x/over cable - it's just better not to. I've done it both ways with equal success though.

slug420 · ‎05-01-2009

thats kinda what I figured....one FO interface fails and neither firewall knows if it is the bad one or the good one..?

slug420 · ‎05-01-2009

I was just thinking about this and it seems kind of pointless...you will have the same problem if the switch that both FO interfaces are plugged into fails because both FWs will see their FO interface go down.

So its just a question of which fails more frequently? A switch or a FW interface?

I have never seen a PIX interface fail so...im gonna say the switch.