Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA 5520 - LAN and State failover on same interface ok?

Hello,

I've noticed our Active/Standby ASA 5520's have the LAN and State failover on the same interface (gig 3 port), but ready that if you can, put them on separate ports.  Over the years I haven't seen any issues with this setup but is it best to separate?

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

In some scenarios the state

In some scenarios the state interface could be overrun by trying to keep up with replicating state - i.e. if the inside and outside interfaces were 1 Gbps and the shared state interface was on a 100 Mbps interface.

Most ASA implementations I've seen only use a few of the 8 or so available interfaces. So if you have it available, it's recommended to run the state replication on its own interface. That said, the LAN failover interface hardly uses any additional bandwidth.

3 REPLIES
Hall of Fame Super Silver

In some scenarios the state

In some scenarios the state interface could be overrun by trying to keep up with replicating state - i.e. if the inside and outside interfaces were 1 Gbps and the shared state interface was on a 100 Mbps interface.

Most ASA implementations I've seen only use a few of the 8 or so available interfaces. So if you have it available, it's recommended to run the state replication on its own interface. That said, the LAN failover interface hardly uses any additional bandwidth.

New Member

8 interfaces?  I wish :)My

8 interfaces?  I wish :)

My 5520s only have 4, but the sub-interface options is just great for my multiple VLANs.

Hall of Fame Super Silver

Sorry I'm spoiled working

Sorry I'm spoiled working primarily with the 5500-X series these days.

Even the smallest of that line (5512-X and 5515-X) have 6 interfaces without using the expansion slot. The rest have 8.

Thanks for the rating though!

90
Views
0
Helpful
3
Replies
CreatePlease to create content