cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1259
Views
0
Helpful
3
Replies

ASA Redundancy

robert.falconer
Level 1
Level 1

I'd like to hear some comments from people that have used the redundant interface feature on the ASA. Has there been any noticeable benefit in failover times?

Or can the failover polltimes be tuned so that this feature is unnecessary and is not worth the cost of burning so many ports on the firewall?

Thanks.

3 Replies 3

Nitin Agarwal
Level 1
Level 1

Hi,

Please let me know if you are talking about ISP failover in a single ASA  or failover feature between two ASAs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Let me know for further queries.

Regards,

Nitin Agarwal

Nitin,

I am talking about using the redundant interface feature on the ASA and unit redundancy VS. using only unit redundancy.

The redundant interface feature fails over a bit quicker but at the cost of burning ports and additional complexity.

In my testing, with adjusted polling timers, I didn't find that the difference in failover times between the 2 methods seemed to justify using the redundant interface feature.

I was hoping that there are some people out there that have done it both ways and have some thoughts on it.

Thanks.

Hi,

Well these are two different scenerios. Interface redundancy is at a single ASA level. If the unit fails then there is no point in keeping a redundant link.

On the other hand if you consider failover between two ASAs then yes you make sure that if one unit fails the other takes over.

I agree that the failover between two units is slower than that of the interface as all the connection states need to be replicated on thge second unit.

Are you using statefull failover?

what is teh poll time you tested with.

Regards,

Nitin Agarwal

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: