Cisco Support Community

New Member

OSPF ASA 5520 in failover mode

Okay guys, so I'm sort of in a predicament. I currently have a set of firewalls in active standby configuration running an OSPF process injecting a default route into the rest of my network.

I noticed when I was testing the failover that the ASAs do not actually pass the route tables on failover, thus forcing the need to wait for routes to converge and for the default route to be advertised back into the network. This of course is not acceptable.

Is there a way around this, or do I have to set up static default routes on every device in my network? I am trying to avoid setting up default routes on all of the devices because, due to the setup of my network, I have equal-cost links configured in the event of hardware or link failure. So the devices then see an advertised default route from multiple paths.

Any help would be appreciated.

4 REPLIES
Silver

Re: OSPF ASA 5520 in failover mode

In a failover configuration, the two units must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM.

Note: The two units do not have to have the same size Flash memory. If using units with different Flash memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory will fail.

New Member

OSPF ASA 5520 in failover mode

You are right - you will have to set up static routes.

Dynamic route tables are not stateful, and OSPF will have to reconverge after failover to the standby node.

HTH

New Member

OSPF ASA 5520 in failover mode

EIGRP will converge faster, but then the OSPF and EIGRP comparison is a totally different topic, which might point to OSPF as a better choice.

Cisco Employee

OSPF ASA 5520 in failover mode

With 8.4.1 there is a new high-availability feature for OSPF and EIGRP:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/intro_intro.html

Stateful Failover with Dynamic Routing Protocols: Routes that are learned through dynamic routing protocols (such as OSPF and EIGRP) on the active unit are now maintained in a Routing Information Base (RIB) table on the standby unit. Upon a failover event, traffic on the secondary active unit now passes with minimal disruption because routes are known.
