cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1147
Views
0
Helpful
2
Replies

2x ASA 5510 with AIP-SSM and CSC-SSM on each one

ntawork68
Level 1
Level 1

Hi there,

I want to ask for the possibility of configuration below? Any feedback and advice are warmly welcomed

  • 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover
  • 1 Cisco ASA 5510 (ASA 1) has AIP-SSM
  • 1 Cisco ASA 5510 (ASA 2) has CSC-SSM
  • There are 2 contexts, context A and context B
  • ASA 1 is the primary firewall for context A, and secondary firewall for context B
  • ASA 2 is the primary firewall for context B, and secondary firewall for context A

  • Can AIP-SSM on ASA 1 inspects traffic of context B which primarily runs on ASA 2?
  • Can CSC-SSM on ASA 2 inspects traffic of context A which primarily runs on ASA 1?

Regards,

Tuan

2 Replies 2

sean_evershed
Level 7
Level 7

Hi,

I suggest that you consult the configuration guide on failover:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1126249

The hardware requirement for High Availability is that:

"The two units in a failover configuration must be  the same model, have the same number and types of interfaces, the same  SSMs installed (if any), and the same RAM installed."

Therefore you will need either AIP in both or a CSC in both.

Having different SSMs in the two ASAs as you have listed above is not a supported configuration.

Don't forget to rate posts that are helpful

Sean,


Because ASA 5510 supports just 1 expansion slot. So might be I have to choose 1 of 2 SSMs to use or go for higher model in 5500 Series.

Thanks for your reply

Regards,

Tuan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: