Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco, ASA, 5510, Failover to a Cisco ASA 5505

Posted on 2008-10-04
3
Medium Priority
?
1,519 Views
Last Modified: 2010-04-21
Can a Cisco ASA 5510 (ASA5510-SEC-BUN-K9) failover to a 5505 (ASA5505-SEC-BUN-K9)?

I know there are 25 vs 250 VPNs...which is fine.  I have the 5510 already, and I am looking to purchase another firewall.  I don't have the $$ for another 5510, but I can get the 5505.  As for the performance differences, that is fine.  Basically I am wanting to ensure failover for non-VPN related business (e-mail, FTP, etc...).

Thanks,
Kevin
0
Comment
Question by:kevin_buchanan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Assisted Solution

by:devangshroff
devangshroff earned 400 total points
ID: 22641553
this is npt possible , to have a failover you need to go for same product , eve with same firmware , RAM etc.
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 1600 total points
ID: 22642525
When designing a failover configuration with both ASAs and Cisco routers, you must use an identical product. It will not work unless the two devices are exactly the same.
For best reliablilty get another 5510. The 5505s (even with the security plus license) only have stateless A/S failover. This means that if one ASA goes down, ALL connections are dropped and everything has to be resestablished - in otherwords it kills everything on the network for about 30 seconds.
With 2 5510s in A/S or A/A failover mode, you have full stateful failover, which means that if an ASA drops all connections are seamlessly transferred over to the remaining ASA and when the other one is fixed everything goes back to normal operation.
Please note that ASAs are VERY reliable (although I certainly cannot blame you for wanting a backup unit! - It's best practice to do this). You would probably be okay if you got one 5510 now and waited for the new budget year to get the second one and then installed them in failover mode.
Cheers! Let me know if you have any questions!
0
 
LVL 1

Author Closing Comment

by:kevin_buchanan
ID: 31503044
devangshroff - your answer was good
Pugglewuggle - your was more informative and informational

thanks to both of you!  I will wait until next FY and budget for another 5510.  ...thanks!
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question