I am setting up redundant 5520's for the first time and have a question on the failover interface. I have read but can't now find info on best practices regarding the management interface as well as the failover interface. My plan is to implement stateful failover in an Active/Standby config. I would like to use the Management interface for use as the failover also. Is this wise? If so should I use subinterfaces? Are there any gotchas I need to be aware of?
Cisco say that for stateful failover you should use an interface equal to the highest bandwidth. So for an ASA that would be a GE. However you may want to gamble and use a 100M instead, I have done this before.
It is OK to use subinterfaces for the hellos and stateful info, but I wouldn't share that interface with anything else.
I'm sorry, I don't quite understand this sentence. If I am using a subinterface, wouldn't that imply that I am sharing the interface (with another subinterface)? Or are you saying on this particular subinterface I shouldn't share traffic?
I just installed two ASA 5520's with stateful failover in an Active/Standby configuration. I did not want to sacrifice one of the GE interfaces for this. I'm using the management interface and am graphing the bandwidth usage with MRTG. So far, after one full business day, it's only consumed 100kb on the link. Without knowing your traffic utilization, it's hard to say if you'll run into problems, but it peaked with a little over 9000 connections and 100kb was all it needed. Chances are you'll be OK.
My configuration is going to be rather simple. I should be passing a relatively low amount (in packets or streams) of high-volume data. Bandwidth-wise I will be needy, but in amounts of packets or conversations pretty low. Relatively straightforward NAT rules. I will also only be using 1 context with 4 or 5 interfaces. It would seem this level of use should not be passing large amounts of stateful data.