cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1603
Views
0
Helpful
6
Replies

ASA Active/Standby failover mode with WAN Link

danielnunes
Level 1
Level 1

Folks,

Today I have a ASA running with Active/Standby mode in the same central site and now the new topology

is considering ASA Active/Standby mode but in different sites across a private WAN Link.

Is there any considerations on failover commands to avoid delay problems with failover link?

thanks a lot

6 Replies 6

Panos Kampanakis
Cisco Employee
Cisco Employee

Running failover through a WAN link is not recommended.

The units need to have L2 connectivity.

Delay and temporary packet loss over a wan link could cause any kind of issues to failover like active/active situations.

I hope it clarifies it a little.

PK

Hi Kampana,

thank for your attention,

let me tell you about that wan link , actually is a L2L link and we will have a L2 adjacency between them.

what do you think?

thanks a lot

People do this all the time. So, long as you have L-2 adjacency you should be good.

Pls. refer this link for commands: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html

-KS

Very good my friends,

thanks a lot

Still, even with L2L connectivity, there could be any kind of delays and drops through a WAN MPLS link.

If you running stateful failover I would avoid it.

It could work ok but depending on your connection rates and WAN status you could see hickups etc.

If it is not stateful then you might be able to get away with it.

PK

Hummmm,good tips my friend.

Our Lan2Lan link have 10Gig between sites but I will consider avoid running stateful failover.

thanks a lot

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: