Does anyone have any experience with using the same interface for LAN and stateful failover? Cisco documentation suggests using two interfaces. I am about to convert from a PIX 525 to an ASA (deciding on model). I would prefer to not burn 2 of the 4 GiE interfaces on failover. Currently my PIX 525 uses a serial cable and a 100 Mb interface. The stateful interface is passing about 10 Mb /sec of traffic. The serial cable is rated at 115K. These numbers would suggest 1 GiE interface would be plenty.
Hes right. You can use one port per ASA. And to take that one step further, Cisco doesnt recommend it, but you can use the management 10/100 port for the failover. Ive been running that way for almost two years without any issues.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...