Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA Stateful Failover

Hi,

does the ASA 5505 do any kind of stateful failover?

The cisco website says no, but i've had a salesman tell me it does.

I notice the 5510 can do it with lisenced software... is this correct?

Sorry, not much experience with ASA's

Cheers

Mario

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA Stateful Failover

Correct - the 5520 upwards supports stateful failvoer.

14 REPLIES

Re: ASA Stateful Failover

Please supply the cisco page that states the ASA does not perform statefull failover, as this is not 100% true - there are 1 or 2 situations where the ASA does not perform statefull failover.

See the below url:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#statef

Community Member

Re: ASA Stateful Failover

Thanks for the reply,

so if the ASA's have version 7.x or above, you can configure them as you would with 2 PIX's?

with a serial cable as the failover interface?

I breifly drafted through and probably not taking it all in properly.

Thanks again!

Mario

Re: ASA Stateful Failover

OK - here's the thing, the serial cable ONLY carries failover hello's and config replication etc.

If you want statefull failover you need to have a LAN connection between the 2 devices.

HTH>

Community Member

Re: ASA Stateful Failover

right OK...

thanks for the help Andrew, much appreciated.

Community Member

Re: ASA Stateful Failover

Ooops, forgot to ask... are there any special software/license requirements. Or would this be possible out of the box?

Re: ASA Stateful Failover

You need to have the failover option in the license on both units.

Community Member

Re: ASA Stateful Failover

Hi Andrew,

thanks very much for the info.

Do you know what the below quote means from the article? not too familiar with different contexts.

Note: VPN failover is not supported on units that run in multiple context mode as VPN is not supported in multiple context. VPN failover is available only for Active/Standby Failover configurations in single context configurations.

Thanks!

Re: ASA Stateful Failover

If you do not know what contexts are, you are not using them - you don't need to worry about them.

Community Member

Re: ASA Stateful Failover

lol, OK fair enough...

I am going to start comparing the 2 models... 5505's and 5510's.

Thanks for your help so far.

Re: ASA Stateful Failover

;o)

Community Member

Re: ASA Stateful Failover

Hi Andrew,

i've found the page that advises thatr the feature is not available on the 5505...

let me know what you think...

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Thanks

Re: ASA Stateful Failover

The 5505 is for small sites, if you want failover you need the 5520 and above.

Community Member

Re: ASA Stateful Failover

ok, now i'm confused...

so the 5505 & 5510 units do not apply to the URL that you posted right at the beggining of this conversation, no?

in general terms, for stateful failover, we need to be looking at 5520??

Mario

Re: ASA Stateful Failover

Correct - the 5520 upwards supports stateful failvoer.

654
Views
0
Helpful
14
Replies
CreatePlease to create content