Management Network - Cisco ASA Series Cli Configuration Manual

Information About ASA Clustering
If the owner becomes unavailable, the first unit to receive packets from the connection (based on load
balancing) contacts the backup owner for the relevant state information so it can become the new owner.
Some traffic requires state information above the TCP or UDP layer. See
or lack of support for this kind of traffic.
Table 1-1
Traffic
Up time
ARP Table
MAC address table
User Identity
IPv6 Neighbor database
Dynamic routing
Multi-site licensing
SNMP Engine ID
VPN (Site-to-Site)
Configuration Replication
All units in the cluster share a single configuration. Except for the initial bootstrap configuration, you
can only make configuration changes on the master unit, and changes are automatically replicated to all
other units in the cluster.
ASA Cluster Management
•
•
•
•
•

Management Network

We recommend connecting all units to a single management network. This network is separate from the
cluster control link.
Management Interface
For the management interface, we recommend using one of the dedicated management interfaces. You
can configure the management interfaces as Individual interfaces (for both routed and transparent
modes) or as a Spanned EtherChannel interface.
Cisco ASA Series CLI Configuration Guide
1-10
ASA Features Replicated Across the Cluster
Management Network, page 1-10
Management Interface, page 1-10
Master Unit Management Vs. Slave Unit Management, page 1-11
RSA Key Replication, page 1-11
ASDM Connection Certificate IP Address Mismatch, page 1-11
State Support Notes
Yes Keeps track of the system up time.
Yes Transparent mode only.
Yes Transparent mode only.
Yes Includes AAA rules (uauth) and identify firewall.
Yes
Yes
No
No
No VPN sessions will be disconnected if the master
unit fails.
Chapter 1 Configuring a Cluster of ASAs
Table 1-1 for clustering support