ASA geographic / long distance LAN failover

mark.j.hodge · ‎09-11-2009

Has anybody got recent experiance / case studies for long distance LAN failover? I have found this site, which shows an example using PIX and 6.2 Code

http://www.sans.org/reading_room/whitepapers/firewalls/long_distance_failover_high_availability_using_cisco_pix_firewall_1159

However I would be interested in any experiances using more recent hardware and software.

Also, is it possible/practical to have more that two devices in the cluster. I am investigating the possibility of local failover within a site, and geographic failover if there is a total site failure.

srue · ‎09-17-2009

It is not possible to have more than two asa's in a failover pair. If you need higher redundancy or load balancing, add another failover pair and adjust the routing tables accordingly - you still have to maintain a configuration for each failover pair though.

I've never set up failover across a long distance. As long as it meets the IP addressing and delay requirements across monitored interfaces you should be alright.

hernankohnen · ‎07-16-2010

Mark,

It's been 4 years since your question and I was wondering if you were lucky on implementing more than 2 devices on an ASA cluster? I'm thinking on having a Primary cluster (Active/Standby) in one site and a 3rd device as a 2nd standby in the second site.

Thakns in advance!