Cisco ASA Series Cli Configuration Manual page 290

Software version 9.0 for the services module

Hide thumbs Also See for ASA Series:

Table of Contents

Guidelines and Limitations

Additional Guidelines

For unsupported features with clustering, see the

When significant topology changes occur (such as adding or removing an EtherChannel interface,

enabling or disabling an interface on the ASA or the switch, adding an additional switch to form a

VSS or vPC) you should disable the health check feature. When the topology change is complete,

and the configuration change is synced to all units, you can re-enable the health check feature.

When adding a unit to an existing cluster, or when reloading a unit, there will be a temporary, limited

packet/connection drop; this is expected behavior. In some cases, the dropped packets can hang your

connection; for example, dropping a FIN/ACK packet for an FTP connection will make the FTP

client hang. In this case, you need to reestablish the FTP connection.

If you use a Windows 2003 server connected to a Spanned EtherChannel, when the syslog server

port is down and the server does not throttle ICMP error messages, then large numbers of ICMP

messages are sent back to the ASA cluster. These messages can result in some units of the ASA

cluster experiencing high CPU, which can affect performance. We recommend that you throttle

ICMP error messages.

Cisco ASA Series CLI Configuration Guide

Device-local EtherChannels—For ASA Device-local EtherChannels including any

EtherChannels configured for the cluster control link, be sure to configure discrete

EtherChannels on the switch; do not combine multiple ASA EtherChannels into one

EtherChannel on the switch.

Cluster Control Link

"ASA Hardware and Software Requirements" section on page

Configuring a Cluster of ASAs

Cluster Control Link

"Unsupported Features" section on page

Show Quick Links

Chapters

Table of Contents