Cisco ASA 5505 User Manual

Page 1294

61-6

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 61 Information About High Availability

Failover and Stateful Failover Links

Depending upon their network topologies, several primary/secondary failure scenarios exist in ASA
failover pairs, as shown in the following scenarios.

Scenario 1—Not Recommended

If a single switch or a set of switches are used to connect both failover and data interfaces between two
ASAs, then when a switch or inter-switch-link is down, both ASAs become active. Therefore, the
following two connection methods shown in

Figure 61-1

and

Figure 61-2

are NOT recommended.

Figure 61-1

Connecting with a Single Switch—Not Recommended

Figure 61-2

Connecting with a Double Switch—Not Recommended

Scenario 2—Recommended

To make the ASA failover pair resistant to failover interface failure, we recommend that failover
interfaces NOT use the same switch as the data interfaces, as shown in the preceding connections.
Instead, use a different switch or use a direct cable to connect two ASA failover interfaces, as shown in

Figure 61-3

and

Figure 61-4

Figure 61-3

Connecting with a Different Switch

Figure 61-4

Connecting with a Cable

236369

Primary ASA

Failover link

Secondary ASA

outside

inside

236370

Primary ASA

Failover link

Secondary ASA

outside

inside

ISL

Switch 1

Switch 2

Primary ASA

236371

Failover link

Secondary ASA

outside

Switch 1

Switch 2

inside

236372

Ethernet cable

Primary ASA

Failover link

Secondary ASA

outside

Switch 1

inside

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series