Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

failover with 2 ASA5510 not identical

Hi all,

I have a doubt.

I have 2 Cisco ASA5510 which are not identical.

Failover seems to work, with sh failover I have this situation

This host: Primary - Active
        Active time: 2803 (sec)
        slot 0: ASA5510 hw/sw rev (1.1/8.2(1)11) status (Up Sys)
          Interface inside (10.11.5.102): Normal
          Interface management (192.168.1.1): No Link (Waiting)
        slot 1: empty
    Other host: Secondary - Standby Ready
        Active time: 7513 (sec)
        slot 0: ASA5510 hw/sw rev (2.0/8.2(1)11) status (Up Sys)
          Interface inside (10.11.5.101): Normal
          Interface management (0.0.0.0): No Link (Waiting)
        slot 1: empty

The secondary has 1024MB of RAM (flash 256MB), the primary has 256MB of RAM (=flash).

Could I have any problem because of these differences?

4 REPLIES

Re: failover with 2 ASA5510 not identical

Hi,

The supported and recommended failover scenario from cisco is when you have both ASAs with exactly the same hardware and licenses (prior to 8.3).

So, the chassis, interfaces, RAM has to match. (flash not necessarily).

Both units should have the same licenses and same major software image.

Federico.

Cisco Employee

Re: failover with 2 ASA5510 not identical

The ASAs will currently not check the RAM for failover. So they will be able to establish it fine.

I don't think you want to run it like this though, because in case you failover to the guy that has 256MB of RAM you might end up having issues and practically not be fully redundant.

I hope it helps.

PK

New Member

Re: failover with 2 ASA5510 not identical

I configured as primary the firewall with less RAM.

In this way I am sure that, if failover happens, RAM on the secondary is not a problem.

Cisco Employee

Re: failover with 2 ASA5510 not identical

Hmm, not the cleanest solution, but it makes sense.

Please rate helpful posts.

Rgs,

PK

186
Views
6
Helpful
4
Replies
CreatePlease to create content