Cisco ASA 5505 User Manual
Page 1294
61-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 61 Information About High Availability
Failover and Stateful Failover Links
Depending upon their network topologies, several primary/secondary failure scenarios exist in ASA
failover pairs, as shown in the following scenarios.
Scenario 1—Not Recommended
If a single switch or a set of switches are used to connect both failover and data interfaces between two
ASAs, then when a switch or inter-switch-link is down, both ASAs become active. Therefore, the
following two connection methods shown in
and
are NOT recommended.
Figure 61-1
Connecting with a Single Switch—Not Recommended
Figure 61-2
Connecting with a Double Switch—Not Recommended
Scenario 2—Recommended
To make the ASA failover pair resistant to failover interface failure, we recommend that failover
interfaces NOT use the same switch as the data interfaces, as shown in the preceding connections.
Instead, use a different switch or use a direct cable to connect two ASA failover interfaces, as shown in
.
Figure 61-3
Connecting with a Different Switch
Figure 61-4
Connecting with a Cable
236369
Primary ASA
Failover link
Failover link
Secondary ASA
outside
outside
inside
inside
236370
Primary ASA
Failover link
Failover link
Secondary ASA
outside
outside
inside
inside
ISL
Switch 1
Switch 2
Primary ASA
236371
Failover link
Failover link
Secondary ASA
outside
outside
Switch 1
Switch 2
inside
inside
236372
Ethernet cable
Primary ASA
Failover link
Failover link
Secondary ASA
outside
outside
Switch 1
inside
inside