Solved: Sorry I'm spoiled working

Andrew White · ‎07-02-2014

Hello,

I've noticed our Active/Standby ASA 5520's have the LAN and State failover on the same interface (gig 3 port), but ready that if you can, put them on separate ports. Over the years I haven't seen any issues with this setup but is it best to separate?

Thanks

Marvin Rhoads · ‎07-02-2014

In some scenarios the state interface could be overrun by trying to keep up with replicating state - i.e. if the inside and outside interfaces were 1 Gbps and the shared state interface was on a 100 Mbps interface.

Most ASA implementations I've seen only use a few of the 8 or so available interfaces. So if you have it available, it's recommended to run the state replication on its own interface. That said, the LAN failover interface hardly uses any additional bandwidth.

View solution in original post

Marvin Rhoads · ‎07-02-2014

In some scenarios the state interface could be overrun by trying to keep up with replicating state - i.e. if the inside and outside interfaces were 1 Gbps and the shared state interface was on a 100 Mbps interface.

Most ASA implementations I've seen only use a few of the 8 or so available interfaces. So if you have it available, it's recommended to run the state replication on its own interface. That said, the LAN failover interface hardly uses any additional bandwidth.

Andrew White · ‎07-02-2014

8 interfaces? I wish :)

My 5520s only have 4, but the sub-interface options is just great for my multiple VLANs.

Marvin Rhoads · ‎07-02-2014

Sorry I'm spoiled working primarily with the 5500-X series these days.

Even the smallest of that line (5512-X and 5515-X) have 6 interfaces without using the expansion slot. The rest have 8.

Thanks for the rating though!

ASA 5520 - LAN and State failover on same interface ok?