Simon Fitzgerald
asked on
Poor failover performance of WS-SVC-ASA-SM1 in WS6506-E
Hello, I am trying to deploy an active/active multi-context solution using the hardware noted above.
I believe I have done all required to get this working however I am still seeing fail over times of
around 50 seconds.
The ASAs blades and the supervisors have identical images:-
Cisco Adaptive Security Appliance Software Version 9.1(2) <context>
Device Manager Version 6.5(1)
Compiled on Thu 09-May-13 16:20 PDT by builders
Hendon up 17 days 21 hours
failover cluster up 26 days 21 hours
Hardware: WS-SVC-ASA-SM1
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9
I have this config on both the 6506 supers:-
firewall autostate
firewall multiple-vlan-interfaces
firewall module 6 vlan-group 56
firewall vlan-group 56 12,41-44,51-54,56-60,68,69
firewall vlan-group 56 2051,2053,2054,2057,2060,2
firewall vlan-group 56 2188,2197,2199
I can paste in further content on request. Any help would be much appreciated.
Many thanks
I believe I have done all required to get this working however I am still seeing fail over times of
around 50 seconds.
The ASAs blades and the supervisors have identical images:-
Cisco Adaptive Security Appliance Software Version 9.1(2) <context>
Device Manager Version 6.5(1)
Compiled on Thu 09-May-13 16:20 PDT by builders
Hendon up 17 days 21 hours
failover cluster up 26 days 21 hours
Hardware: WS-SVC-ASA-SM1
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9
I have this config on both the 6506 supers:-
firewall autostate
firewall multiple-vlan-interfaces
firewall module 6 vlan-group 56
firewall vlan-group 56 12,41-44,51-54,56-60,68,69
firewall vlan-group 56 2051,2053,2054,2057,2060,2
firewall vlan-group 56 2188,2197,2199
I can paste in further content on request. Any help would be much appreciated.
Many thanks
Last Comment
ASKER
Thanks for your quick response Predrag. Yes we are using spanning tree. I have a 4500
used for connecting 'users' to vlan 2060 and that 4500 has two links, one to each of the 6506 switches on vlan 2060.
Having said that now it is of course the 4500 that is taking the time to fail over..but i can't turn if off due the loop....thinking we should enable rapid spanning tree....will give that a go and let you know. Thanks
Thanks again
used for connecting 'users' to vlan 2060 and that 4500 has two links, one to each of the 6506 switches on vlan 2060.
Having said that now it is of course the 4500 that is taking the time to fail over..but i can't turn if off due the loop....thinking we should enable rapid spanning tree....will give that a go and let you know. Thanks
Thanks again
ASKER
Hello Predrag, I enabled rpst and 'failover autostate' and all is much quicker now, thanks for that.
Would you advise disabling spanning tree altogether on the access switches and leave it running on the two 6506s which contain the ASA SMs ?
Thanks
Would you advise disabling spanning tree altogether on the access switches and leave it running on the two 6506s which contain the ASA SMs ?
Thanks
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hello Predrag, sorry for the delay...thanks for your answer.
No problem...
You're welcome.
You're welcome.
Cisco
Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).
27K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
30 seconds - Listening + Learning
20 seconds - Max Age