can ASA5525-X HA RUN failover link on fiber port of the expansion module?
the client has 2 firewals , in different floor, they require to do a active/standby HA . if the length is over 100M, can we order 6x GE spf module for ASA5525-X , and configure the fiber port to be failover /state port ? any one has done this before ? I assume it will work, just need get a confirmation.
"You can use any unused interface (physical, redundant, or EtherChannel) as the failover link"
The only thing to note for very long distances is down a bit further in that guide:
"For optimum performance when using long distance failover, the latency for the failover link should be less than 10 milliseconds and no more than 250 milliseconds. If latency is more than10 milliseconds, some performance degradation occurs due to retransmission of failover messages."
10 milliseconds is no problem since propagation delay over 50 micron fiber @ 1310 nm is about 5 microseconds/km.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...