Can build two ASA balancing as active/active mode?

Hi, professionals

I wonder if two ASA able to set up a balancing as active/active mode, balance the traffic?

Thanks in advance,

Yang

Yes, that running in active/active ASA is so you can load balance traffic. Here is a link with more information.

http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080834058.shtml

It will be useful.

Tags: Cisco Security

Similar Questions

  • How is used to monitor two ASA (active/stby) with modules IPS Cisco MARCH?

    Hello

    The two ASA with IPS modules are in Active mode / standby. When I try to add both the two IP (active / standby) in MARCH, the MARCH will complain of duplicate names.

    How set up in MARCH to monitor the ASA with IPS with topology standby active?

    Thank you!

    Hello

    The fundamental problem with this scenario is that you have modules able non-basculement in a tipping chassis - think of the pair of failover ASA as a device and modules IPS as two completely separate devices.

    Then, as we have already mentioned, add only the ASA elementary school. (High school will never be passing traffic in standby mode so it is not really necessary in MARCH) Then, with the first IPS module you can add it as a module of ASA or as a standalone device (MARCH doesn't care). With the second module IPS, the only option is to add it as a separate unit anyway.

    In a failover scenario of the SAA swap IP but SPI considering you'll ever messages from ASA active you will get messages from the intellectual property of these two IPS depending on whether you are in the ASA active at the time.

    Remember that you must manually reproduce all IPS configuration whenever you make a change.

    HTH

    Andrew.

  • IPS modules in the ASA config for active/passive failover

    Hey guys,.

    We have two ASA in a situation of active/passive failover each with a module AIP-SSM-20 IPS.

    These modules are intended to synchronize their configs like the ASA do? Alternatively, they each have a separate entity and each need to be configured separately?

    Thanks for any help!

    Each will have their own IP address, and each must be configured separately.

    They will not communicate with each other and share no configuration.

    You will need to make sure the config is changed in one of the other.

    Monitoring station pull events from two sensors.

    The SSMs rely on the SAA for the TCP state tracking so they will work very well in a design of failover ASA.

  • ASA 5520's active / standby, do not sync AnyConnect Profles

    I'm working on two ASA 5520 configuration in a configuration active / standby.  I have almost all the same between the two units for AnyConnect work waiting for both of the following:

    AnyConnect Client profiles

    AnyConnect Client software

    If I download the software manually to the standby unit I get warning against them are not synchronized, and on the active unit if I do a 'writing' standby does not copy the profile or the software.  Anyone has any ideas on this?

    Thank you

    Dan

    Hello

    Bug CSCsr31403

    When you configure the ASA in a failover pair, you must manually copy the AnyConnect and CSD images for the primary and the secondary ASA.   You must also do the same for the Anyconnect profile file if you use it.

    Either force the ASA shall become active and copy the files to the new ASA assets using ASDM or copy files directly from the console ASA ensures using tftp or ftp.

    Kind regards

    Note the useful messages

    Julio

  • Hi, I need to activate my Adobe CS3 on a new computer because my old is dead and I'm having trouble. Tried the average normal recording then connected with my Adobe ID and can see the software code and activation already registered. How to get o

    Hi, I need to activate my Adobe CS3 on a new computer because my old is dead and I'm having trouble. Tried the average normal recording then connected with my Adobe ID and can see the software code and activation already registered. How to get it on my computer saved?

    If your two activation is used, you need to call Adobe. Install CS3 point of activation and call Adobe at this time here.  They help in cases like your My drive crashed and I replaced it. Could not disable the activation of the accident.  I've done that twice in the years I use PS for about 20 years

    To see your key, you must click on the product in your products and services Adobe page.

  • How can I remove an account from activation if the former owner is not found?

    How can I remove an account from activation if the former owner is not found?

    Unless it's yours, you can't, and Apple will be not remove for you. Locking activation is a measure of protection against theft.

    (141565)

  • What happens if you upgraded to IOS 9.3 and your device is blocked on the activation mode, but can not recover apple id and password which allows you to set your device?

    I've updated the most recent update (IOS 9.3) in Night Shift & password protect notes, but my ipod touch 5g (an older device) is stuck on activation mode and it asks me for the Apple ID and password that was used to put in place this IPod. ID Apple listed is disabled and I can't reset the password. Help, please? I also try to delete everything that follows, so this does not happen.

    When EXACTLY did you do that?

    Today, there was a release of a fix for most of the devices

  • How can I reactivate my iphone after activating the locking of activation

    How can I reactivate my iphone after activating the locking of activation?

    Entered successfully the Apple ID and password to enable find my phone.

  • Watch does not recognize the weight class as exercise-how can you add the duration of activity manually because none of the presets eg elliptical etc. is appropriate. Also does not count calories for example 35 when the rest of the group is around 500

    Look does not recognize the weight class as exercise-how can you add the duration of activity manually because none of the presets etc for example elliptical is appropriate and therefore do not count toward the daily goal. Also does not count calories for example 35 when the average of the others in the group is around 500.

    Hello

    When you use the application of the training session, choose the type of activity that best fits your business. For anything else - like weight - select the other category.

    During the follow-up of one year to the next helps:

    • Activity app will credit the ring of progress of exercise with one minute for every minute of the workout.
    • Active calories will be based on the data recorded by the heart rate sensor or a brisk walk, whichever is greater.

    Note, however, that the heart rate sensor is likely to give better results for the workouts that involve rhythmic (for example running) rather than the irregular movements.

    More information:

    Use of the workout on your Apple Watch - Apple Support

  • Can we build two installers (each installs different .exe) in the Labview project?

    Hello

    Since it has many common files between two test programs, I built two applications in a single project. Then I need to build two installers for applications accordingly. I'm having trouble to add the second request in the second installer when I specify the source files in the Installer properties. When I select this pack of applications according to the specifications of construction, I can't add it to the destination for the Installer folder. When I second request pack and destinatioin selected times record, the up arrow (to add files in the left pane to the right pane) turns into grey (not clickable). However, I found that, if I select the first pack of application according to the specifications of construction, the arrow turns direct. But I don't want to add to the first application for my second application installer.

    Everyone understands what I'm going to talk to? Looking forward to your help!

    Thank you very much!

    Spring

    Hi Sam,

    I went through all the pages and didn't see any product ID. What page do you see ELISA product ID?

    The problem I had was on the construction itself. I had not gone far enough to install it.

    After you remove the duplicate Installer and created a new one from scratch, everything worked as expected (from build for installation in the execution of the program).

    Kind regards

    Spring

  • ASA 5505 - I can't create an IPSEC VPN between two ASA 5505

    Hello

    I have two ASA 5505 with basic license and I'm trying to create a VPN IPSEC using the CLI. Here are the steps I did:

    1 Configure ASA-1 (host name, vlan 1 and vlan 2).

    2. configure a static route

    3. create object network (local and remote)

    4. create the access list

    5. create ikev1 crypto

    6. create tunnel-group

    7 Configure nat

    and I repeat the steps above with the ASA but another change IP.

    Are to correct the above steps?

    Why can I not create an IPSEC VPN between devices?.

    No, you needn't. The ASA configuration is ok. Packet trace proved it. I think it can be a problem on the hosts. Please, check the firewall on the PC and try to put out of service, if it is running.

  • I can't change the location using activation please

    I can't change the surprise using activation please

    Hello

    Sorry for the inconvenience caused.

    I suggest refer you to the link below on how to enable Windows 8.

    http://Windows.Microsoft.com/en-us/Windows-8/why-activate-Windows

    I hope this helps.

  • How can I get my adobe 7 active

    How can I get my adobe 7 active

    Hey Kevin,

    Adobe has disabled the server activation for CS2, including Acrobat 7, due to a technical problem. These products have been released more than seven years ago and do not run on many modern operating systems; Adobe no longer supports the.

    You can download filtering alternative from this page.

    I recommend you to consult the following link as well.

    https://helpx.Adobe.com/Creative-Suite/KB/CS2-product-downloads.html

    Concerning

    Sukrit diallo

  • The App Builder DPS ask me to active editing simple, even being a member of creative cloud.

    I have problems to activate the simple edition. The App Builder DPS ask me to active editing simple, even being a member of creative cloud. What should I do? Am I missing something?

    TKS,

    You may have already solved this, however for the benefit of the other members:

    Follow the troubleshooting steps mentioned in this article and make sure you click on "Create the App" Folio Builder Panel, once you follow all the steps:

    http://helpx.Adobe.com/Digital-Publishing-Suite/KB/DPS-CCM-users-get-activate.html

  • Site to site, two ASAs

    Hello

    I run the wizard from site to site on two ASAs let communication flow between two internal networks, an internal behind each of them.

    The wizard went very well, but what caught my attention is that there is no possibility to tell the ASA 2 it is the counterpart of connection (and not the hand / server peer). Guide States"on the remote site, set up the second Adaptive security device to serve as a VPN peer. Use the procedure allows you to configure the device local Adaptive Security, starting with the section 'configure the Adaptive Security device has the Local Site' and ending by 'view VPN attributes and complete Wizard' section. "- but I could not find this setting.

    I expect one of them to connect to each other and to see them in the "follow-up". But on the two ASAs ASDM tab control I see "site-to-site: 0" (while seeing some clients to access remote active).

    ASA 1 ("office")

    outside interface: wan

    Apart from the address: 100.100.0.14 255.255.255.252

    inside the interface: vlan580

    inside address: 10.10.10.1 255.255.255.0

    ASA 2

    outside interface: outdoors

    Apart from the address: 200.200.105.126 255.255.255.252

    inside the interface: inside

    inside address: 10.180.3.1 255.255.255.0

    See chart for visualization.

    Here's what I think, it is the relevant config of the SAA.

    # 1 ASA

    wan_1_cryptomap to access extended list ip 10.10.10.0 allow 255.255.255.0 10.180.3.0 255.255.255.0

    vlan581_nat0_outbound to access extended list ip 10.10.10.0 allow 255.255.255.0 10.180.3.0 255.255.255.0

    Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    life crypto ipsec security association seconds 28800

    Crypto ipsec kilobytes of life - safety 4608000 association

    Crypto-map dynamic outside_dyn_map pfs set 20 Group1

    Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA

    card crypto outside_map 1 match address wan_1_cryptomap

    card crypto outside_map 1 set pfs Group1

    peer set card crypto outside_map 1 200.200.105.126

    card crypto outside_map 1 set of transformation-ESP-3DES-SHA

    map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map

    outside_map card crypto wan interface

    Crypto ca trustpoint ASDM_TrustPoint0

    domain name full asa01

    name of the object CN = asa01

    no client-type

    Configure CRL

    ISAKMP crypto enable wan

    crypto ISAKMP policy 10

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    tunnel-group 200.200.105.126 type ipsec-l2l

    IPSec-attributes tunnel-group 200.200.105.126

    pre-shared key *.

    # 2 ASA

    access extensive list ip 10.180.3.0 outside_1_cryptomap allow 255.255.255.0 10.10.10.0 255.255.255.0

    access extensive list ip 10.180.3.0 inside_nat0_outbound allow 255.255.255.0 10.10.10.0 255.255.255.0

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    life crypto ipsec security association seconds 28800

    Crypto ipsec kilobytes of life - safety 4608000 association

    Crypto-map dynamic outside_dyn_map pfs set 20 Group1

    Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA

    card crypto outside_map 1 match address outside_1_cryptomap

    card crypto outside_map 1 set pfs Group1

    peer set card crypto outside_map 1 100.100.0.14

    card crypto outside_map 1 set of transformation-ESP-3DES-SHA

    map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map

    outside_map interface card crypto outside

    crypto ISAKMP allow outside

    crypto ISAKMP policy 10

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    No encryption isakmp nat-traversal

    tunnel-group 100.100.0.14 type ipsec-l2l

    IPSec-attributes tunnel-group 100.100200.200.0.14

    pre-shared key *.

    Basically, it works like this

    The tunnel not initiate until he receives a portion of the traffic to the other side.

    Both ends can resolve the tunnels towards the other ASA for anyone to peer that receives a packet with destination to the network behind the other peer will launch the installation of the vpn tunnel.

    When you do things in the ASDM he sometimes changes a little. so in a different versions of the asdm, it sounds a little different from the other.

    a peer is the other side of the vpn connection. you have 2 peers on either side of the tunnel.

    then try to generate traffic to som on your side at the other end and check again for the tunnel.

    Good luck

    HTH

Maybe you are looking for

  • Is there a FF 9.0.1 compatible Norton toolbar?

    My add on for Norton Tool Bar Version 2011.7.8 has been disabled because it is not compatible with FF 9.0.1. Is there a version update available?

  • Excellent strengh of WiFi signal but no internet access

    I have a toshiba laptop with built-in adapter, adapter works fine with any other wireless networks that I connected without any problems at least 5 or 6. I have recently implemented a new network with new aol wireless router, a thompson speedtouch. T

  • HP Envy 5644: Photo prints using far too much ink.

    I just bought this printer today.  When you print on regular paper, it prints just fine.  When you print pictures, he uses a ridiculous amount of ink so that the paper is still damp several hours later and so stained, is not recognizable.  I use HP p

  • fleight of microsoft Simulator is compatible with windows 7?

    Can I play microsoft flight simulator with windows 7?

  • Can not turn off my drive

    I have a sansa e280 When I turn it on it says "refreshing database" and then freezes. He can't do anything about that event turn off. After many hours, it will automatically turn off, but when I connect with my computer it comes on and says "refresh