Contexts with Active-Active configuration

Unanswered Question
Aug 4th, 2009

Hi,

Having read the Active-Active configuration for context's it is still not clear to me. Here is what I understood please correct if I am wrong.

I have four different contexts and one admin context.

1. If I configure ASA - Unit-1 as an active device for context_1 and context_2. Obviously ASA Unit-2 is failover device for context_1 and context_2.

2. Next, I will configure ASA Unit-1 as a failover device for context_3 and context_4. Obviously ASA Unit-2 will be active for Coontext_3 and context_4.

3. So when, all is well tarffic for Context_1 and context_2 will be forwarded by Unit-1 and traffic for context_3 and context_4 will be forwarded by Unit-2.

4. When one unit fails due to some reason, second unit will be only device forwarding traffic for all the four contexts.

Please correct if I am wrong.

Share the experience.

Thanks in advance

subodh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Wed, 08/05/2009 - 03:13

Subodh

Correct. Active/active still uses the concept of active/standby per context or more specifically per failover group.

So lets say you have 4 contexts + admin.

Contexts 1 & 2 are mapped to failover group 1 as is the admin context.

Contexts 3 & 4 are mapped to failover group 2.

ASA1 is active for failover group 1

ASA2 is active for failover group 2

In normal operation traffic for contexts 1,2 + admin will use ASA1 as active firewall and traffic for contexts 3 & 4 will use ASA2 as active.

If ASA1 failed then all traffic would now use ASA2.

Jon

Actions

This Discussion