Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5250 - Failover Interface

hey all, we have dual ASA5520 setup for failover on a dedicated interface (directly connected with a straight cable).

they will need to be located on two separate parts of the network temporarily. any way we can use a dedicated vlan to allow the failover interfaces to communicate?

i know it is not recommended but will only be temporary.




Re: ASA5250 - Failover Interface


A dedicated VLAN should work fine. This Cisco document references using dedicated VLAN's for LAN based failover:

Hope this helps.

Best Regards,


New Member

Re: ASA5250 - Failover Interface

It looks like the switch connected to the failover interfaces is used only for that purpose. In our setup, the failover will be interconnected through several switches in our core but only on one vlan.

Re: ASA5250 - Failover Interface

As long as the VLAN is dedicated for failover traffic only, I think you should be fine.

The only other issue in your case that I can possibly think of would be the potential for increased latency by having the failover communication traversing several physical switches to reach the other unit.

According to the PIX/ASA v7.0 command reference, "For optimum performance when using long distance LAN failover, the latency for the failover link should be less than 10 milliseconds and no more than 250 milliseconds. If latency is more than 10 milliseconds, some performance degradation occurs due to retransmission of failover messages."

I don't think it should be an issue, but you never know. ;)

New Member

Re: ASA5250 - Failover Interface

nice, thanks a lot!

CreatePlease login to create content