PHYSICAL-ASA(config-ctx)# config-url disk0:/vASA1.cfg PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet0.1 outside_vASA1 PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet1.1 inside_vASA1 INFO: Admin context will take some time to come up. INFO: Context admin was created with URL disk0:/admin.cfg PHYSICAL-ASA(config-ctx)# config-url disk0:/admin.cfgĬryptochecksum (changed): d9951253 3b82d2ce 840166f8 ccd3d7f1 PHYSICAL-ASA(config)# admin-context admin ( Note: This CANNOT be done on an ASA 5505 or 5506-X). and Active/Active, for 5510, 5512-X, and 5508-X that means Security Plus, for all other models a ‘base’ licence is required. Make sure the Licences are on the firewalls allow multiple contexts. Deploy Cisco ASA in Active/Active Failoverįor a more ‘logical’ view heres what is actually being setup ġ. (This is 100% the case up to an including version 9.0, after version 9.0 they have stopped saying it’s not supported, but don’t say it’s supported). VPNS: Yes theres no VPNs with Active Active. Load balancing: It’s a firewall! If you want load balancing buy a load balancer! People assume because both firewalls are passing traffic, they must load balance, they don’t, in fact they don’t even pass traffic from the same subnet. You have multiple LAN subnets and what to split them though different firewalls. ![]() You have a multi-tenancy environment and want to offer your tenants failover firewall capability.The only real practical use cases I can think of for Active /Active are I hear comments like ‘we have paid for both firewalls lets use them’, or ‘I want to sweat both assets’. Usually when I’m asked to setup Active/Active I cringe, not because its difficult, its simply because people assume active/active is better than active/standby.
0 Comments
Leave a Reply. |