failover with 2 ASA5510 not identical

Unanswered Question
Jun 15th, 2010
User Badges:

Hi all,

I have a doubt.

I have 2 Cisco ASA5510 which are not identical.

Failover seems to work, with sh failover I have this situation


This host: Primary - Active
        Active time: 2803 (sec)
        slot 0: ASA5510 hw/sw rev (1.1/8.2(1)11) status (Up Sys)
          Interface inside (10.11.5.102): Normal
          Interface management (192.168.1.1): No Link (Waiting)
        slot 1: empty
    Other host: Secondary - Standby Ready
        Active time: 7513 (sec)
        slot 0: ASA5510 hw/sw rev (2.0/8.2(1)11) status (Up Sys)
          Interface inside (10.11.5.101): Normal
          Interface management (0.0.0.0): No Link (Waiting)
        slot 1: empty


The secondary has 1024MB of RAM (flash 256MB), the primary has 256MB of RAM (=flash).


Could I have any problem because of these differences?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
Loading.
Federico Coto F... Tue, 06/15/2010 - 06:21
User Badges:
  • Green, 3000 points or more

Hi,


The supported and recommended failover scenario from cisco is when you have both ASAs with exactly the same hardware and licenses (prior to 8.3).

So, the chassis, interfaces, RAM has to match. (flash not necessarily).

Both units should have the same licenses and same major software image.


Federico.

Panos Kampanakis Tue, 06/15/2010 - 15:37
User Badges:
  • Cisco Employee,

The ASAs will currently not check the RAM for failover. So they will be able to establish it fine.

I don't think you want to run it like this though, because in case you failover to the guy that has 256MB of RAM you might end up having issues and practically not be fully redundant.


I hope it helps.


PK

gdspa Wed, 06/16/2010 - 06:59
User Badges:

I configured as primary the firewall with less RAM.

In this way I am sure that, if failover happens, RAM on the secondary is not a problem.

Panos Kampanakis Wed, 06/16/2010 - 07:36
User Badges:
  • Cisco Employee,

Hmm, not the cleanest solution, but it makes sense.

Please rate helpful posts.


Rgs,

PK

Actions

This Discussion