Prerequisites for active/active failover, Guidelines and limitations – Cisco ASA 5505 User Manual

Page 1331

Advertising
background image

63-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 63 Configuring Active/Active Failover

Prerequisites for Active/Active Failover

Prerequisites for Active/Active Failover

In Active/Active failover, both units must have the following:

The same hardware model.

The same number of interfaces.

The same types of interfaces.

The same software version, with the same major (first number) and minor (second number) version
numbers. However you can use different versions of the software during an upgrade process; for
example you can upgrade one unit from Version 7.0(1) to Version 7.9(2) and have failover remain
active. We recommend upgrading both units to the same version to ensure long-term compatibility.

The same software configuration.

The same mode (multiple context mode).

The proper license.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in multiple context mode only.

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

IPv6 Guidelines

IPv6 failover is supported.

Model Guidelines

Active/Active failover is not available on the Cisco ASA 5505.

Additional Guidelines and Limitations

No two interfaces in the same context should be configured in the same ASR group.

ASA failover replication fails if you try to make a configuration change on two or more contexts at the
same time. The workaround is to make configuration changes on each unit sequentially.

The following features are not supported for Active/Active failover:

To receive packets from both units in a failover pair, standby IP addresses need to be configured on
all interfaces.

The standby IP address is used on the security appliance that is currently the standby unit, and it
must be in the same subnet as the active IP address.

You can define a maximum number of two failover groups.

Failover groups can only be added to the system context of devices that are configured for multiple
context mode.

You can create and remove failover groups only when failover is disabled.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals