ASA5510 ASA5510-K8 LAN Failover

Unanswered Question
Jun 12th, 2009
User Badges:

Can these 2 models do LAN failover provided images and licensing are correct? The firewalls are identical except for the show version models, one is the "K8" variant, whatever that is.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mwheinz Fri, 06/12/2009 - 06:44
User Badges:

Thanks for your reply. The referenced doc really doesn't say if the asa5510 and the asa5510-k8 are interoperable as regards failover. Have you set this up using the models in question?


Collin Clark Fri, 06/12/2009 - 07:10
User Badges:
  • Purple, 4500 points or more

The ASA5510 and the ASA5510-K8 are the same hardware models. They both need to run the exact same OS for failover. Upgrade to 8.2(x) if possible.

<font size="2"></p><p>FIREWALL# sh ver</p><p></p><p>Cisco Adaptive Security Appliance Software Version 8.2(1) </p><p></p><p>Compiled on Tue 05-May-09 22:45 by builders</p><p>System image file is "disk0:/asa821-k8.bin"</p><p>Config file at boot was "startup-config"</p><p></p><p>FIREWALL up 26 days 4 hours</p><p>failover cluster up 1 year 21 days</p><p></p><p><b>Hardware:   ASA5510-K8</b>, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz</p><p>Internal ATA Compact Flash, 256MB</p><p>Slot 1: ATA Compact Flash, 64MB</p><p>BIOS Flash AT49LW080 @ 0xffe00000, 1024KB</p><p></p><p>Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)</p><p>                             Boot microcode   : CN1000-MC-BOOT-2.00 </p><p>                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03</p><p>                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04</p><p> 0: Ext: Ethernet0/0         : address is 0019.e8d9.46f2, irq 9</p><p> 1: Ext: Ethernet0/1         : address is 0019.e8d9.46f3, irq 9</p><p> 2: Ext: Ethernet0/2         : address is 0019.e8d9.46f4, irq 9</p><p> 3: Ext: Ethernet0/3         : address is 0019.e8d9.46f5, irq 9</p><p> 4: Ext: Management0/0       : address is 0019.e8d9.46f1, irq 11</p><p> 5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11</p><p> 6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5</p><p></p><p>Licensed features for this platform:</p><p>Maximum Physical Interfaces  : Unlimited </p><p>Maximum VLANs                : 100       </p><p>Inside Hosts                 : Unlimited </p><p>Failover                     : Active/Active</p><p>VPN-DES                      : Enabled   </p><p>VPN-3DES-AES                 : Enabled   </p><p>Security Contexts            : 2         </p><p>GTP/GPRS                     : Disabled  </p><p>SSL VPN Peers                : 2         </p><p>Total VPN Peers              : 250       </p><p>Shared License               : Disabled</p><p>AnyConnect for Mobile        : Disabled  </p><p>AnyConnect for Linksys phone : Disabled  </p><p>AnyConnect Essentials        : Disabled  </p><p>Advanced Endpoint Assessment : Disabled  </p><p>UC Phone Proxy Sessions      : 2         </p><p>Total UC Proxy Sessions      : 2         </p><p>Botnet Traffic Filter        : Disabled  </p><p></p><p>This platform has an ASA 5510 Security Plus license.</p><p></p><p>Serial Number: 99999999</p><p>Running Activation Key: XXXX XXXX XXXX XXXX XXXX </p><p>FW# sh fail state </p><p></p><p>               State          Last Failure Reason      Date/Time</p><p>This host  -   Primary</p><p>               Active         None</p><p>Other host -   Secondary</p><p>               Standby Ready  Comm Failure             06:10:17 CST May 17 2009</p><p></p><p>====Configuration State===</p><p>        Sync Done</p><p>        Sync Done - STANDBY</p><p>====Communication State===</p><p>        Mac set</p><p></p><p></font>


This Discussion