Assigning Interfaces for ASA 5510

Answered Question
Jun 2nd, 2010

Hi,

I'm setting up two 5510's.

e0/0 and e0/1 are GIG

e0/2 e0/3 and management are 100Mb

At the moment I have my outside assigned to e0/0 and inside on e0/1.

I was wondering if its ok to use on of the 100Mbs ports for the stateful failover connection or is that strongly reccomended against?

I want to keep the inside interface as GIG as it is connected to gig switches and doing inter vlan routing. So theres a lot of traffic going between sub interfaces.

I guess the other option is to conifgure the outside as 100mb. This is our internet link.

Any suggestions are very much appreciated.

Thanks.

I have this problem too.
0 votes
Correct Answer by Jennifer Halim about 6 years 6 months ago

You are correct. Because of CPU limitation, you can use the 100Mbps interface, however, I would still recommend you to use the fastest interface if you also have the additional 4 port interface module.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jennifer Halim Wed, 06/02/2010 - 19:22

For stateful failover link, it is strongly recommended to use the fastest interface of the ASA especially if you have a lot of traffic. Otherwise, it will not

cope with the replication of the states if you are not using the fastest interface of the ASA.

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1051759

(scroll down to the "Failover Interface Speed for Stateful Links" section)

Hope that helps.

marcosgeorgopoulos Wed, 06/02/2010 - 20:56

Thanks Halijenn

What is confusing me is the following from the link you provided.

"

Cisco ASA 5510 and PIX 525

Stateful link speed can be 100 Mbps,  even though the data interface can operate at 1 Gigabit due to the CPU  speed limitation.

"

Is this stating I can just use the 100Mb interface because the CPU limitation is restricting the speed of the failover information to 100Mbs only?

Thanks.

Correct Answer
Jennifer Halim Wed, 06/02/2010 - 22:20

You are correct. Because of CPU limitation, you can use the 100Mbps interface, however, I would still recommend you to use the fastest interface if you also have the additional 4 port interface module.

Actions

This Discussion