Cisco Support Community
Community Member

Question of the concept of Active/Active Failover

Hi All,

I have read the 7.2(1) guide and picked up some knowledge about the AA FO. I would like to confirm some of my understanding, as the following:

1. AA on ASA7.0 is not functional as an actual load-balancing which network traffic are not being processed by two ASA simultaneously. The traffic is only passed to the ASA which is having the "Active" failover group. The two ASA are not holding one virtual IP as gateway for the network. Actually there are two Active/Standby failover group existing in the 2 units but Active role for each failover group can be act by each one of ASA.

2. VPN and dynamic routing protocol, multicast do not support in multi context mode.

Are the above concept right? Thanks!


Best regards


Re: Question of the concept of Active/Active Failover

Community Member

Re: Question of the concept of Active/Active Failover

You are essentially correct, multiple context mode disables VPN and routing protocols.

The "active/active" is a misleading term because we are used to thinking in terms of a single context, and "active/standby" is the only way things worked prior to the ASAs.

Even *with* the ASAs, a given context ALWAYS runs in "active/standby" mode. A context NEVER has both peers in active mode.

When you have multiple contexts, they are still each running active/standby, but you can distribute the "active" sides to either ASA based on the failover group assignment.

CreatePlease to create content