Excellent Aun... Got it and thanks for the clarification

Regards
Anantha Subramanian Natarajan

On Fri, Sep 24, 2010 at 4:22 AM, Aun Raza <aun.r...@gmail.com> wrote:

> Anantha:
>
> Redundant interfaces use the concept of Active / Standby. One link is
> active, the other standby. In addition, the "primary" active one does not
> pre-empt, in case it comes back online after a failure. Once the standby
> becomes active, it stays active, until a reboot or failure causes it to
> switch. Keeping that in mind, say you connect the ASAs back to back, with
> Int1 on the Primary ASA going to Int1 on the Secondary ASA. Similarly,
> Int2 on the Primary to Int2 on the Secondary. And Int1 and Int2 form the
> Redundant Interface you are using for failover. Ideally, Int1 on both ASAs
> should be the Active one. If, for some reason, Int1 on the Secondary ASA
> becomes Standby (software issue, etc.), Int1 on the Primary ASA will still
> be active (as the link itself didn't go down). This will result in
> uni-directional communication, and eventually result in both ASAs becoming
> Active after failover comm breaks down.
>
> Ideally you would have two switches, connected via a trunk, and each
> interface of the ASAs' Redundant Interface connected to either switch
> (criss-crossed). This way you can cover multiple failure scenarios.
>
> HTH,
> Aun.
>
> On Fri, Sep 24, 2010 at 11:44 AM, Kingsley Charles <kingsley.char...@gmail.com> wrote:
>
>> As per
>> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html,
>> you can connect ASAs back to back and it is in the recommended it
>>
>> Figure 15-6 Connecting with Ethernet Cables
>>
>> With regards
>> Kings
>>
>> On Thu, Sep 23, 2010 at 10:44 PM, Anantha Subramanian Natarajan <anatara...@gravitant.com> wrote:
>>
>> > Thanks David for the response.
>> >
>> > Regards
>> > Anantha Subramanian Natarajan
>> >
>> > On Thu, Sep 23, 2010 at 12:07 PM, David Prall <d...@dcptech.com> wrote:
>> >
>> >> If an interface goes down the ASA will failover. If the redundant link
>> >> between the two ASAs goes down because you upgraded the secondary, this
>> >> isn't good.
>> >>
>> >> --
>> >> http://dcp.dcptech.com
>> >>
>> >> > -----Original Message-----
>> >> > From: nob...@groupstudy.com [mailto:nob...@groupstudy.com] On Behalf Of
>> >> > Anantha Subramanian Natarajan
>> >> > Sent: Thursday, September 23, 2010 12:08 PM
>> >> > To: Cisco certification; ccie_security@onlinestudylist.com
>> >> > Subject: ASA Redundant Interface for failover or state link
>> >> >
>> >> > Hi All,
>> >> >
>> >> > I am understanding from the Cisco ASA configuration guide that, if we
>> >> > use redundant interface for the failover or state link, we must put a
>> >> > switch or hub between the two units (Active and standby). I am trying
>> >> > to understand the reason for the same. Would appreciate your response.
>> >> >
>> >> > Thanks
>> >> >
>> >> > Regards
>> >> >
>> >> > Anantha Subramanian Natarajan
>> >
>> > _______________________________________________
>> > For more information regarding industry leading CCIE Lab training, please
>> > visit www.ipexpert.com
>
> --
> Aun Raza
> pgp <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB3AA053395A74924> | web <http://aunraza.com>
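
The failure case Aun Raza describes in the quoted reply above, modelled as an added example (not part of the original thread and not Cisco code): it checks, for every combination of active members, whether the failover link still has a path in the back-to-back cabling and in the criss-crossed two-switch cabling. The port names, the topology lists and the rule that a standby member neither sends nor accepts frames are assumptions of this model.

```python
from collections import deque
from itertools import product

# Constructed port names: P = primary ASA, S = secondary ASA, SW1/SW2 = switches.
BACK_TO_BACK = [("P.Int1", "S.Int1"), ("P.Int2", "S.Int2")]
TWO_SWITCHES = [
    ("P.Int1", "SW1"), ("P.Int2", "SW2"),   # primary: one member per switch
    ("S.Int1", "SW2"), ("S.Int2", "SW1"),   # secondary: criss-crossed
    ("SW1", "SW2"),                         # inter-switch trunk
]

def failover_link_up(links, p_active, s_active):
    """True if the primary's active member can reach the secondary's active member.

    Model assumption: a standby member neither sends nor accepts frames,
    and a switch forwards between all of its connected ports.
    """
    src, dst = f"P.{p_active}", f"S.{s_active}"
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in neighbours.get(node, ()):
            # ASA member ports are endpoints: only the peer's active member accepts.
            if nxt in seen or (nxt.startswith(("P.", "S.")) and nxt != dst):
                continue
            seen.add(nxt)
            queue.append(nxt)
    return False

def survey(links):
    """Map every (primary active, secondary active) pair to failover-link status."""
    members = ("Int1", "Int2")
    return {(p, s): failover_link_up(links, p, s) for p, s in product(members, members)}

if __name__ == "__main__":
    for name, topo in (("back-to-back", BACK_TO_BACK), ("two switches", TWO_SWITCHES)):
        for (p, s), ok in survey(topo).items():
            print(f"{name:13} primary={p} secondary={s} -> {'up' if ok else 'DOWN'}")
```

In the back-to-back model the link is down whenever the two units disagree on the active member, which is the condition that ends with both ASAs becoming Active; in the two-switch model every combination keeps a path as long as the trunk is up.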