Техническая Инструкция для Cisco Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption
On the PIX/ASA Security appliance platform, at least one of the units must have an unrestricted (UR)
license. The other unit can have a Failover Only Active−Active (FO_AA) license, or another UR license.
Units with a Restricted license cannot be used for failover, and two units with FO_AA licenses cannot be used
together as a failover pair.
license. The other unit can have a Failover Only Active−Active (FO_AA) license, or another UR license.
Units with a Restricted license cannot be used for failover, and two units with FO_AA licenses cannot be used
together as a failover pair.
Note: You might need to upgrade the licenses on a failover pair in order to obtain additional features and
benefits. For more information on upgrade, refer to License Key Upgrade on a Failover Pair
benefits. For more information on upgrade, refer to License Key Upgrade on a Failover Pair
Note: The licensed features, such as SSL VPN peers or security contexts, on both security appliances that
participate in failover must be identical.
participate in failover must be identical.
Note: The FO license does not support Active/Active Failover.
Components Used
The information in this document is based on these software and hardware versions:
PIX Security Appliance with 7.x version and later
•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Related Products
This configuration can also be used with these hardware and software versions:
ASA with 7.x version and later
•
Note: Active/Active failover is not available on the ASA 5505 series adaptive security appliance.
Conventions
Refer to the Cisco Technical Tips Conventions for more information document conventions.
Active/Active Failover
This section describes Active/Standby Failover and includes these topics:
Active/Active Failover Overview
•
Primary/Secondary Status and Active/Standby Status
•
Device Initialization and Configuration Synchronization
•
Command Replication
•
Failover Triggers
•
Failover Actions
•
Active/Active Failover Overview
Active/Active failover is only available to security appliances in multiple context mode. In an Active/Active
failover configuration, both security appliances can pass network traffic.
failover configuration, both security appliances can pass network traffic.
In Active/Active failover, you divide the security contexts on the security appliance into failover groups. A