Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA Redundancy

I'd like to hear some comments from people that have used the redundant interface feature on the ASA. Has there been any noticeable benefit in failover times?

Or can the failover polltimes be tuned so that this feature is unnecessary and is not worth the cost of burning so many ports on the firewall?

Thanks.

Everyone's tags (3)
3 REPLIES
New Member

Re: ASA Redundancy

Hi,

Please let me know if you are talking about ISP failover in a single ASA  or failover feature between two ASAs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Let me know for further queries.

Regards,

Nitin Agarwal

New Member

Re: ASA Redundancy

Nitin,

I am talking about using the redundant interface feature on the ASA and unit redundancy VS. using only unit redundancy.

The redundant interface feature fails over a bit quicker but at the cost of burning ports and additional complexity.

In my testing, with adjusted polling timers, I didn't find that the difference in failover times between the 2 methods seemed to justify using the redundant interface feature.

I was hoping that there are some people out there that have done it both ways and have some thoughts on it.

Thanks.

New Member

Re: ASA Redundancy

Hi,

Well these are two different scenerios. Interface redundancy is at a single ASA level. If the unit fails then there is no point in keeping a redundant link.

On the other hand if you consider failover between two ASAs then yes you make sure that if one unit fails the other takes over.

I agree that the failover between two units is slower than that of the interface as all the connection states need to be replicated on thge second unit.

Are you using statefull failover?

what is teh poll time you tested with.

Regards,

Nitin Agarwal

645
Views
0
Helpful
3
Replies
CreatePlease to create content