Filter
Top Products
CHAPTER
65-1
Cisco ASA 5500 Series Configuration Guide using ASDM
65
Information About High Availability
This chapter provides an overview of the failover features that enable you to achieve high availability on
the Cisco 5500 series ASAs. For information about configuring high availability, see Chapter 67,
“Configuring Active/Active Failover” or Chapter 66, “Configuring Active/Standby Failover.”
This chapter includes the following sections:
• Introduction to Failover and High Availability, page 65-1
• Failover System Requirements, page 65-2
• Failover and Stateful Failover Links, page 65-3
• Active/Active and Active/Standby Failover, page 65-8
• Stateless (Regular) and Stateful Failover, page 65-9
• Transparent Firewall Mode Requirements, page 65-11
• Auto Update Server Support in Failover Configurations, page 65-12
• Failover Health Monitoring, page 65-14
• Failover Times, page 65-16
• Failover Messages, page 65-16
Introduction to Failover and High Availability
Configuring high availability requires two identical ASAs connected to each other through a dedicated
failover link and, optionally, a Stateful Failover link. The health of the active interfaces and units is
monitored to determine if specific failover conditions are met. If those conditions are met, failover
occurs.
The ASA supports two failover configurations, Active/Active failover and Active/Standby failover. Each
failover configuration has its own method for determining and performing failover.
With Active/Active failover, both units can pass network traffic. This also lets you configure traffic
sharing on your network. Active/Active failover is available only on units running in multiple context
mode.
With Active/Standby failover, only one unit passes traffic while the other unit waits in a standby state.
Active/Standby failover is available on units running in either single or multiple context mode.
Both failover configurations support stateful or stateless (regular) failover.