ASA Firewall assistance

Answered Question
Sep 25th, 2009

I need to purchase a pair of ASA 5510 to set up site-to-site VPN Active/Standby between my company with a partner. The partner is using an open-source product called Vyatta. We will be using AES-256/DH-group5/SHA with PFS Group 5.

I have not used Pix/ASA for a while so I am a little rusty on the terminologies. Can someone help?

When I set up something like two years ago with Pix535. I understand that in order to do something like what I described above, the Primary Pix needs to have Un-Restricted (UR) license while the secondary Pix needs only FailOver (FO) license. With this configuration, I will have Active/Standby configuration for site-to-site VPN. I also understand that if the Primary UR Pix goes down for whatever reason, the FO Pix will take over, BUT the Secondary FO Pix can NOT stay up for more than 24 hours if the Primary is still down. The Secondary FO Pix will reboot by itself after 24 hours if the Primary is still down.

I would like to purchase a pair of ASA5510 with 8.2 code with Active/Standby IPSec Lan-2-Lan VPN. I think I will need to purchase this "Cisco ASA 5510 Security Plus Firewall Edition Bundle with the part number of ASA5510-SEC-BUN-K9".

Does it mean I need to purchase two of these? Is there such a thing as "FailOver (FO)" part number for ASA?

Thanks in advance.
