10-23-2009 05:21 AM - edited 03-11-2019 09:30 AM
In Cisco doc (ID 77809), PIX/ASA: Active/Standby Failover Configuration Example, LAN-Based Active/Standby Failover Config, it states that: "Instead of using a crossover Ethernet cable to directly link the units, Cisco recommends that you use a dedicated switch between the primary and secondary units".
Can anyone please let me know more about the reasoning behind it?
Also, suppose we do not use a "dedicated switch" and instead use a VLAN in the switch for this purpose. The config looks like: primary ASA <--> primary switch <--> secondary switch <--> secondary ASA.
These two switches are distribution switches.
Can you see any problem?
Thanks.
10-23-2009 05:54 AM
Each interface should connect to a switch port so that the link status is always up to one firewall interface if the other firewall interface fails. Otherwise, both units sense a link-down condition and assume that their own interfaces have a failure. You don't need a dedicated switch; you can use your distribution switches.