Cisco Support Community

Failover Configured ASA 5520s +IPS with MARS monitoring


I recently installed 2 ASA 5520s in an Active/Standby configuration. They both have IPS blades in them.

My question is, when I go to add them to MARS, how should I do it:

1. Add both ASAs (one using the active IP and the other using the standby) and add an IPS module to each unit.

2. Add only the active ASA, and add both IPS blades to the one unit.

3. Add only the active ASA, and add each IPS as its own device.

I am concerned about keeping the IPS blades' configs synched. I assume by using MARS to manage them this should not be a concern?


Re: Failover Configured ASA 5520s +IPS with MARS monitoring


You only need to add one ASA (the active one) because the second will never be in the traffic path - and anyway MARS won't let you add two because although they have different IPs they have the same hostname.

Although the IPS modules are inside an ASA chassis they are really independent and must be treated as such. The first one can be added as a module of the active ASA or as a standalone IPS (MARS doesn't care) but the second must be added as a standalone IPS.

There is NO config sync between the IPS modules - consider using CSM if you need management, else you must manually keep them in config sync and manually load sig updates on each.

HTH - plz rate if useful.

