ASA Active/Standby failover mode with WAN Link

Unanswered Question
Mar 22nd, 2010
User Badges:

Folks,

Today I have a ASA running with Active/Standby mode in the same central site and now the new topology

is considering ASA Active/Standby mode but in different sites across a private WAN Link.


Is there any considerations on failover commands to avoid delay problems with failover link?


thanks a lot

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 03/22/2010 - 13:18
User Badges:
  • Cisco Employee,

Running failover through a WAN link is not recommended.

The units need to have L2 connectivity.


Delay and temporary packet loss over a wan link could cause any kind of issues to failover like active/active situations.


I hope it clarifies it a little.


PK

danielnunes Mon, 03/22/2010 - 14:21
User Badges:

Hi Kampana,

thank for your attention,

let me tell you about that wan link , actually is a L2L link and we will have a L2 adjacency between them.



what do you think?


thanks a lot

Panos Kampanakis Mon, 03/22/2010 - 14:40
User Badges:
  • Cisco Employee,

Still, even with L2L connectivity, there could be any kind of delays and drops through a WAN MPLS link.


If you running stateful failover I would avoid it.

It could work ok but depending on your connection rates and WAN status you could see hickups etc.

If it is not stateful then you might be able to get away with it.


PK

danielnunes Mon, 03/22/2010 - 17:39
User Badges:

Hummmm,good tips my friend.


Our Lan2Lan link have 10Gig between sites but I will consider avoid running stateful failover.



thanks a lot

Actions

This Discussion