Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2x ASA 5510 with AIP-SSM and CSC-SSM on each one

Hi there,

I want to ask for the possibility of configuration below? Any feedback and advice are warmly welcomed

  • 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover
  • 1 Cisco ASA 5510 (ASA 1) has AIP-SSM
  • 1 Cisco ASA 5510 (ASA 2) has CSC-SSM
  • There are 2 contexts, context A and context B
  • ASA 1 is the primary firewall for context A, and secondary firewall for context B
  • ASA 2 is the primary firewall for context B, and secondary firewall for context A

  • Can AIP-SSM on ASA 1 inspects traffic of context B which primarily runs on ASA 2?
  • Can CSC-SSM on ASA 2 inspects traffic of context A which primarily runs on ASA 1?

Regards,

Tuan

2 REPLIES

Re: 2x ASA 5510 with AIP-SSM and CSC-SSM on each one

Hi,

I suggest that you consult the configuration guide on failover:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1126249

The hardware requirement for High Availability is that:

"The two units in a failover configuration must be  the same model, have the same number and types of interfaces, the same  SSMs installed (if any), and the same RAM installed."

Therefore you will need either AIP in both or a CSC in both.

Having different SSMs in the two ASAs as you have listed above is not a supported configuration.

Don't forget to rate posts that are helpful

New Member

2x ASA 5510 with AIP-SSM and CSC-SSM on each one

Sean,


Because ASA 5510 supports just 1 expansion slot. So might be I have to choose 1 of 2 SSMs to use or go for higher model in 5500 Series.

Thanks for your reply

Regards,

Tuan

919
Views
0
Helpful
2
Replies