Cisco Support Community

Lan and State failover - benefits of separate interfaces?

I've typically configured both LAN and State failover for the ASAs via the same physical interface.  For example on an ASA5510:

failover

failover lan unit primary

failover lan interface FAILOVER Ethernet0/3

failover link FAILOVER Ethernet0/3

failover interface ip FAILOVER 192.168.0.1 255.255.255.252 standby 192.168.0.2

I'm now upgrading to the -X series, and since they have more physical interfaces, I'm wondering if there's any advantage to configuring stateful failover information on a separate interface?  Like this:

failover lan unit primary

failover lan interface LAN_FAILOVER GigabitEthernet0/4

failover link STATE_FAILOVER GigabitEthernet0/5

failover interface ip LAN_FAILOVER 192.168.0.1 255.255.255.252 standby 192.168.0.2

failover interface ip STATE_FAILOVER 192.168.1.1 255.255.255.252 standby 192.168.1.2

2 REPLIES
Community Member

Hello Johnyy,

Can you please share what you understood from this? And which one should be used?

Or if I say I want to enable stateful failover so that when my primary firewall goes down, all the connection information should be passed to the secondary set and the secondary should act as the active one. For this, do I need to enable both LAN failover as well as link failover?

I doubt if the failover link only helps in sharing connection information with the secondary firewall, and LAN failover is always needed to check the state of the primary firewall.
