Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
0
Helpful
2
Replies

ASA geographic / long distance LAN failover

mark.j.hodge
Level 3
Level 3

‎09-11-2009 03:52 AM - edited ‎03-11-2019 09:14 AM

Has anybody got recent experiance / case studies for long distance LAN failover? I have found this site, which shows an example using PIX and 6.2 Code

http://www.sans.org/reading_room/whitepapers/firewalls/long_distance_failover_high_availability_using_cisco_pix_firewall_1159

However I would be interested in any experiances using more recent hardware and software.

Also, is it possible/practical to have more that two devices in the cluster. I am investigating the possibility of local failover within a site, and geographic failover if there is a total site failure.

Labels:
0 Helpful
2 Replies 2

srue
Level 7
Level 7

‎09-17-2009 06:27 AM

It is not possible to have more than two asa's in a failover pair. If you need higher redundancy or load balancing, add another failover pair and adjust the routing tables accordingly - you still have to maintain a configuration for each failover pair though.

I've never set up failover across a long distance. As long as it meets the IP addressing and delay requirements across monitored interfaces you should be alright.

0 Helpful

hernankohnen
Level 1
Level 1

‎07-16-2010 01:49 PM

Mark,

It's been 4 years since your question and I was wondering if you were lucky on implementing more than 2 devices on an ASA cluster? I'm thinking on having a Primary cluster (Active/Standby) in one site and a 3rd device as a 2nd standby in the second site.

Thakns in advance!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card