Cluster ASA configuration without the failover cable

Unanswered Question
Apr 29th, 2010
User Badges:

1.How can I make two firewalls cluster without the failover cable. I need to do failover from the inside. Is there any example configuration?

2.Which ports does the ipsec site-to-site vpn configuration use between two asa firewalls?


Regards....

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Thu, 04/29/2010 - 11:04
User Badges:
  • Green, 3000 points or more

Hi,


On the ASA there's no need for a failover cable anymore (like PIXes)

You should use a dedicated Ethernet interface for failover communication between both ASAs.

Optionally, if you enable stateful failover, can use another or the same interface.

It is recommended to be the highest-speed interface on the device.


Take a look:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html


Normally, an IPsec L2L tunnel will use both E0 (outside) interfaces on the ASA.


Federico.

Actions

This Discussion