The Cisco ASA firewall is often an important device in the network. We use it for (remote access) VPNs, NAT/PAT, filtering and more. Since it’s such an important device, it’s a good idea to have a second ASA in case the first one fails.

The ASA supports active/standby failover, which means one ASA becomes the active device and handles everything while the backup ASA is the standby device. It doesn’t do anything unless the active ASA fails.

The failover mechanism is stateful, which means that the active ASA sends all stateful connection information to the standby ASA. This includes TCP/UDP states, NAT translation tables, ARP table, VPN information and more.

When the active ASA fails, the standby ASA will take over and since it has all connection information, your users won’t notice anything…

There are a number of requirements if you want to use failover:

- Platform has to be the same: for example 2x ASA 5510 or 2x ASA 5520.
- Hardware must be the same: same number and type of interfaces.
- Same operating mode: routed or transparent mode and single or multiple context mode.
- License has to be the same: number of VPN peers, encryption supported, etc.
- Some of the “lower” models require the Security Plus license for failover (the ASA 5510 is an example).

In this lesson we’ll take a look at how to configure active/standby failover. ASA1 will be the active firewall and ASA2 will be in standby mode.
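The failover requirements (same platform, hardware, operating mode and license) can be verified before the two units are paired. The following Python script is an added example, not part of the original lesson: it compares two units using constructed, simplified excerpts in the style of `show version`, `show firewall` and `show mode` output. The function names `parse` and `failover_mismatches` and the sample values are assumptions.

```python
import re

# Constructed, simplified excerpts of `show version`, `show firewall` and
# `show mode` output; the exact layout is an assumption of this example.
ASA1 = """\
Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
 0: Ext: Ethernet0/0         : address is 0000.0000.0001, irq 9
 1: Ext: Ethernet0/1         : address is 0000.0000.0002, irq 9
VPN Peers                    : 250
VPN-3DES-AES                 : Enabled
Failover                     : Active/Active
Firewall mode: Router
Security context mode: single
"""
# ASA2 differs in platform, encryption license and failover license.
ASA2 = (ASA1.replace("ASA5510", "ASA5520")
            .replace("Enabled", "Disabled")
            .replace("Active/Active", "Disabled"))

def parse(text):
    """Extract the attributes that the failover requirements compare."""
    facts = {"interfaces": []}
    for line in text.splitlines():
        if m := re.match(r"Hardware:\s+(\S+?),", line):
            facts["platform"] = m.group(1)
        elif m := re.match(r"\s*\d+: \w+: ([A-Za-z]+)[\d/]+\s+:", line):
            facts["interfaces"].append(m.group(1))  # interface type only
        elif m := re.match(r"(Firewall mode|Security context mode): (\S+)", line):
            facts[m.group(1)] = m.group(2)
        elif m := re.match(r"([\w -]+?)\s+: (\S+)$", line):
            facts["license/" + m.group(1)] = m.group(2)
    return facts

def failover_mismatches(a, b):
    """Return the reasons why the pair does not meet the requirements."""
    fa, fb = parse(a), parse(b)
    problems = [f"{k}: {fa.get(k)} != {fb.get(k)}"
                for k in sorted(fa.keys() | fb.keys()) if fa.get(k) != fb.get(k)]
    for name, f in (("first", fa), ("second", fb)):
        if f.get("license/Failover", "Disabled") == "Disabled":
            problems.append(f"{name} unit has no failover license")
    return problems

if __name__ == "__main__":
    for p in failover_mismatches(ASA1, ASA2):
        print("MISMATCH", p)
```

An empty list means the pair satisfies every requirement listed above; interface comparison covers both the number and the type of interfaces.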