theoritically, with Layer 3 setup, CAM's can have routed IP addresses, on the HA interfaces... again.. i say .. theoritically..
but practically.. i really donno what this blackbox does ! this is one box, for which even the cisco docs arent that good enuf !! there are multiple scenarios and solutions associated with this box and sometimes we are handicapped ! if had a lab before soemtime, but wasnt able to test this.. if you get a chance, test this.. i think it might work, since you just give the "service IP address" and the hostname on the failover settings.. and if the service IP address is reachable, it should be fine..
the only reason i would see them to be in the same location is, that the latency / packet drops if any, on the WAN.. becomes really complicated, if the WAN is unstable.. so, better to have this locally :)
didnt i confuse you ;) thats what this NAC appliance does, for most of us.. he he..
I dont see why this would be an issue as long as routing is sound.
Should you loose around 30 seconds of communication (default) between the two CAMs before this would become a problem. At this point the 2 CAMs would both think they are active which might play to your advantage for a while if each site has its own CAS.
Some additional information that indicates that it is impossible to use a L3 link between Failover CAM's . As it turns out, the failover interface cannot be Layer 3 as well because the subnet mask of the failover interface is fixed at /30.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :