Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


ASA Firewall assistance

I need to purchase a pair of ASA 5510 to setup site-to-site VPN Active/Standby between my company

with a partner. The partner is using an open-source product called Vyatta. We will be using

AES-256/DH-group5/SHA with PFS Group 5.

I have not used Pix/ASA for a while so I am a little rusty on the terminologies. Can someone help?

When I setup something like two years ago with Pix535. I understand that in order to do something

like what I described above, the Primary Pix needs to have Un-Restricted (UR) license while the

secondary Pix needs only FailOver (FO) license. With this configuration, I will have Active/Standby

configuration for site-to-site VPN. I also understand that if the Primary UR Pix goes down for

whatever reason, the FO Pix will take over, BUT if the Secondary FO Pix can NOT stay up for more than

24 hours if the Primary is still down. The Secondary FO Pix will reboot by itself 24 hours if the

Primary is still down.

I would like to purchase a pair of ASA5510 with 8.2 code with Active/Standby IPSec Lan-2-Lan VPN.

I think I willl need to purchase this "Cisco ASA 5510 Security Plus Firewall Edition Bundle with

the part number of ASA5510-SEC-BUN-K9".

Does it mean I need to purchase two of these? Is there such a thing as "FailOver (FO)" part number

for ASA?

Thanks in advance.


Accepted Solutions
New Member

Re: ASA Firewall assistance

New Member

Re: ASA Firewall assistance

CreatePlease to create content