EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #290 background imageLoading...
Page #290 background image
1-26
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Cluster of ASAs
Guidelines and Limitations
Device-local EtherChannels—For ASA Device-local EtherChannels including any
EtherChannels configured for the cluster control link, be sure to configure discrete
EtherChannels on the switch; do not combine multiple ASA EtherChannels into one
EtherChannel on the switch.
Additional Guidelines
See the ASA Hardware and Software Requirements” section on page 1-3.
For unsupported features with clustering, see the “Unsupported Features” section on page 1-17.
When significant topology changes occur (such as adding or removing an EtherChannel interface,
enabling or disabling an interface on the ASA or the switch, adding an additional switch to form a
VSS or vPC) you should disable the health check feature. When the topology change is complete,
and the configuration change is synced to all units, you can re-enable the health check feature.
When adding a unit to an existing cluster, or when reloading a unit, there will be a temporary, limited
packet/connection drop; this is expected behavior. In some cases, the dropped packets can hang your
connection; for example, dropping a FIN/ACK packet for an FTP connection will make the FTP
client hang. In this case, you need to reestablish the FTP connection.
If you use a Windows 2003 server connected to a Spanned EtherChannel, when the syslog server
port is down and the server does not throttle ICMP error messages, then large numbers of ICMP
messages are sent back to the ASA cluster. These messages can result in some units of the ASA
cluster experiencing high CPU, which can affect performance. We recommend that you throttle
ICMP error messages.
ASA1
ASA2
ASA3
ASA4
ten0/6
Cluster Control Link
port-ch1
ten0/7
port-ch1
port-ch1
port-ch1
VLAN 101
port-ch1
RIGHT WRONG
port-ch2
port-ch3
port-ch4
ten0/6
ten0/7
ten0/6
ten0/7
ten0/6
ten0/7
ASA1
ASA2
ASA3
ASA4
ten0/6
Cluster Control Link
port-ch1
ten0/7
port-ch1
port-ch1
port-ch1
VLAN 101
port-ch1
ten0/6
ten0/7
ten0/6
ten0/7
ten0/6
ten0/7
333358
Switch Switch

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals