Failover Configured ASA 5520s +IPS with MARS monitoring

Hello,

I recently installed 2 ASA 5520s in an Active/Standby configuration. They both have IPS blades in them.

My question is, when I go to add them to MARS, how should I do it:

1. Add both ASAs (one using the active IP and the other using the standby) and add an IPS module to each unit.

2. Add only the active ASA, and add both IPS blades to the one unit.

3. Add only the active ASA, and add each IPS as its own device.

I am concerned about keeping the IPS blades' configs synced. I assume by using MARS to manage them this should not be a concern?

1 REPLY

Re: Failover Configured ASA 5520s +IPS with MARS monitoring

Hi,

You only need to add one ASA (the active one) because the second will never be in the traffic path - and anyway MARS won't let you add two because although they have different IPs they have the same hostname.

Although the IPS modules are inside an ASA chassis they are really independent and must be treated as such. The first one can be added as a module of the active ASA or as a standalone IPS (MARS doesn't care) but the second must be added as a standalone IPS.

There is NO config sync between the IPS modules - consider using CSM if you need management, else you must manually keep them in config sync and manually load sig updates on each.

HTH - plz rate if useful.

Andrew.
