Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA Active/Standby failover mode with WAN Link

Folks,

Today I have a ASA running with Active/Standby mode in the same central site and now the new topology

is considering ASA Active/Standby mode but in different sites across a private WAN Link.

Is there any considerations on failover commands to avoid delay problems with failover link?

thanks a lot

6 REPLIES
Cisco Employee

Re: ASA Active/Standby failover mode with WAN Link

Running failover through a WAN link is not recommended.

The units need to have L2 connectivity.

Delay and temporary packet loss over a wan link could cause any kind of issues to failover like active/active situations.

I hope it clarifies it a little.

PK

New Member

Re: ASA Active/Standby failover mode with WAN Link

Hi Kampana,

thank for your attention,

let me tell you about that wan link , actually is a L2L link and we will have a L2 adjacency between them.

what do you think?

thanks a lot

Cisco Employee

Re: ASA Active/Standby failover mode with WAN Link

People do this all the time. So, long as you have L-2 adjacency you should be good.

Pls. refer this link for commands: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html

-KS

New Member

Re: ASA Active/Standby failover mode with WAN Link

Very good my friends,

thanks a lot

Cisco Employee

Re: ASA Active/Standby failover mode with WAN Link

Still, even with L2L connectivity, there could be any kind of delays and drops through a WAN MPLS link.

If you running stateful failover I would avoid it.

It could work ok but depending on your connection rates and WAN status you could see hickups etc.

If it is not stateful then you might be able to get away with it.

PK

New Member

Re: ASA Active/Standby failover mode with WAN Link

Hummmm,good tips my friend.

Our Lan2Lan link have 10Gig between sites but I will consider avoid running stateful failover.

thanks a lot

1189
Views
0
Helpful
6
Replies
CreatePlease to create content