EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #276 background imageLoading...
Page #276 background image
1-12
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Cluster of ASAs
Information About ASA Clustering
You can ignore the message and establish the ASDM connection. However, to avoid this type of warning,
you can enroll a certificate that contains the Main cluster IP address and all the Local IP addresses from
the IP address pool. You can then use this certificate for each cluster member. For more information, see
Chapter 1, “Configuring Digital Certificates.
Load Balancing Methods
See also the ASA Cluster Interfaces” section on page 1-4.
Spanned EtherChannel (Recommended), page 1-12
Policy-Based Routing (Routed Firewall Mode Only), page 1-14
Equal-Cost Multi-Path Routing (Routed Firewall Mode Only), page 1-15
Spanned EtherChannel (Recommended)
You can group one or more interfaces per unit into an EtherChannel that spans all units in the cluster.
The EtherChannel aggregates the traffic across all the available active interfaces in the channel.
Spanned EtherChannel Benefits, page 1-12
Guidelines for Maximum Throughput, page 1-12
Load Balancing, page 1-13
EtherChannel Redundancy, page 1-13
Connecting to a VSS or vPC, page 1-13
Spanned EtherChannel Benefits
The EtherChannel method of load-balancing is recommended over other methods for the following
benefits:
Faster failure discovery.
Faster convergence time. Individual interfaces rely on routing protocols to load-balance traffic, and
routing protocols often have slow convergence during a link failure.
Ease of configuration.
For more information about EtherChannels in general (not just for clustering), see the “EtherChannels
section on page 1-5.
Guidelines for Maximum Throughput
To achieve maximum throughput, we recommend the following:
Use a load balancing hash algorithm that is “symmetric,” meaning that packets from both directions
will have the same hash, and will be sent to the same ASA in the Spanned EtherChannel. We
recommend using the source and destination IP address (the default) or the source and destination
port as the hashing algorithm.
Use the same type of line cards when connecting the ASAs to the switch so that hashing algorithms
applied to all packets are the same.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals