failover with 2 ASA5510 not identical

gdspa · ‎06-15-2010

Hi all,

I have a doubt.

I have 2 Cisco ASA5510 which are not identical.

Failover seems to work, with sh failover I have this situation

This host: Primary - Active
        Active time: 2803 (sec)
        slot 0: ASA5510 hw/sw rev (1.1/8.2(1)11) status (Up Sys)
          Interface inside (10.11.5.102): Normal
          Interface management (192.168.1.1): No Link (Waiting)
        slot 1: empty
    Other host: Secondary - Standby Ready
        Active time: 7513 (sec)
        slot 0: ASA5510 hw/sw rev (2.0/8.2(1)11) status (Up Sys)
          Interface inside (10.11.5.101): Normal
          Interface management (0.0.0.0): No Link (Waiting)
        slot 1: empty

The secondary has 1024MB of RAM (flash 256MB), the primary has 256MB of RAM (=flash).

Could I have any problem because of these differences?

Federico Coto Fajardo · ‎06-15-2010

Hi,

The supported and recommended failover scenario from cisco is when you have both ASAs with exactly the same hardware and licenses (prior to 8.3).

So, the chassis, interfaces, RAM has to match. (flash not necessarily).

Both units should have the same licenses and same major software image.

Federico.

Panos Kampanakis · ‎06-15-2010

The ASAs will currently not check the RAM for failover. So they will be able to establish it fine.

I don't think you want to run it like this though, because in case you failover to the guy that has 256MB of RAM you might end up having issues and practically not be fully redundant.

I hope it helps.

PK

gdspa · ‎06-16-2010

I configured as primary the firewall with less RAM.

In this way I am sure that, if failover happens, RAM on the secondary is not a problem.

Panos Kampanakis · ‎06-16-2010

Hmm, not the cleanest solution, but it makes sense.

Please rate helpful posts.

Rgs,

PK