[fw-wiz] best practices for configuring two ASA5520 with IPS module in Active/Active failover mode
- From: "Rossella Mariotti-Jones" <rossella@xxxxxxxxxxxxx>
- Date: Tue, 3 Oct 2006 16:01:06 -0700
Hello all,
We have 2 Cisco ASA5520 with AIP-SSM-20 that will be replacing two PIX
515s.
We'd like to configure the two ASA in Active/Active failover mode which
requires the use of multiple contexts and 2 failover groups. The
interfaces we'll be using will be inside, outside, dmz1, dmz2, dmz3. I'm
wondering if I should assign interface inside and outside to context1
and dmz1/dmz2/dmz3 to context2, then put context1 on asa1 in failover
group1 and context2 on asa1 in failover group2 (and vice versa on asa2).
Is there a better way to do it? Obviously interface inside and outside
will be heavily used whereas the dmz interfaces will produce less
traffic, so asa1/failover group1 which is configured with interface
inside and outside will be used more heavily then asa2 which passes
traffic only for the three dmzs. Does anybody here have any experience
with setting up the ASA in a similar scenario? If so could you share
your experience with us please? What's the best practice and what are
some questions I should ask myself?
Thanks in advance.
--
Rossella
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Prev by Date: [fw-wiz] Static nat to a distant network?
- Next by Date: [fw-wiz] Cisco PIX log analyzer, parser, reporter?
- Previous by thread: [fw-wiz] Static nat to a distant network?
- Next by thread: [fw-wiz] Cisco PIX log analyzer, parser, reporter?
- Index(es):
Relevant Pages
|
