07-02-2014 07:21 AM - edited 03-12-2019 06:06 PM
Hello,
I've noticed our Active/Standby ASA 5520's have the LAN and State failover on the same interface (gig 3 port), but ready that if you can, put them on separate ports. Over the years I haven't seen any issues with this setup but is it best to separate?
Thanks
Solved! Go to Solution.
07-02-2014 07:49 AM
In some scenarios the state interface could be overrun by trying to keep up with replicating state - i.e. if the inside and outside interfaces were 1 Gbps and the shared state interface was on a 100 Mbps interface.
Most ASA implementations I've seen only use a few of the 8 or so available interfaces. So if you have it available, it's recommended to run the state replication on its own interface. That said, the LAN failover interface hardly uses any additional bandwidth.
07-02-2014 07:49 AM
In some scenarios the state interface could be overrun by trying to keep up with replicating state - i.e. if the inside and outside interfaces were 1 Gbps and the shared state interface was on a 100 Mbps interface.
Most ASA implementations I've seen only use a few of the 8 or so available interfaces. So if you have it available, it's recommended to run the state replication on its own interface. That said, the LAN failover interface hardly uses any additional bandwidth.
07-02-2014 09:22 AM
8 interfaces? I wish :)
My 5520s only have 4, but the sub-interface options is just great for my multiple VLANs.
07-02-2014 09:38 AM
Sorry I'm spoiled working primarily with the 5500-X series these days.
Even the smallest of that line (5512-X and 5515-X) have 6 interfaces without using the expansion slot. The rest have 8.
Thanks for the rating though!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide