×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA Failover between three ASA

Answered Question
Mar 17th, 2014
User Badges:

Hi,

 

I want to make this senario for failover like in attached picture, 

 

for ASA-A its connected to deffrent ISP of ASA-B, and every ASA handle deffrent network, can i put another ASA with two context as standby for actives FW's

 

Thanks.

 

 

 

 

Attachment: 
Correct Answer by Marvin Rhoads about 3 years 5 months ago

No - sorry that will not work.

"The two units in a failover configuration must:

...

Be in the same context mode (single or multiple)."

Source.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Marvin Rhoads Mon, 03/17/2014 - 11:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

No - sorry that will not work.

"The two units in a failover configuration must:

...

Be in the same context mode (single or multiple)."

Source.

Karsten Iwen Wed, 03/19/2014 - 00:48
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, VPN

As Marvin stated, it won't work as in your picture.

But if you don't need any features that are not available in multiple-context-mode, then you could configure Active/Active-failover between ASA-A and ASA-B with one context for the operation of ASA-A and another Context for the operation of ASA-B.

Marvin Rhoads Wed, 03/19/2014 - 06:28
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Good suggestion, Karsten.

The only caveat that brings to mind is that remote access VPN isn't supported in multi-context mode. So if that's in use they couldn't go that route.

 

p.s. hope to see you at Cisco Live this year.

Actions

This Discussion