Intra- and Inter-Chassis Module Placement for the ASA Services Module
Figure 1-8
Figure 1-8
Switch
Active
ASASM
Inter-Chassis Failover
To protect against switch-level failure, you can install the secondary ASASM in a separate switch. The
ASASM does not coordinate failover directly with the switch, but it works harmoniously with the switch
failover operation. See the switch documentation to configure failover for the switch.
To accommodate the failover communications between ASASMs, we recommend that you configure a
trunk port between the two switches that carries the failover and state VLANs. The trunk ensures that
failover communication between the two units is subject to minimal failure risk.
For other VLANs, you must ensure that both switches have access to all firewall VLANs, and that
monitored VLANs can successfully pass hello packets between both switches.
Figure 1-9
switches carries the failover ASASM VLANs (VLANs 10 and 11).
Note
ASASM failover is independent of the switch failover operation; however, ASASM works in any switch
failover scenario.
Cisco ASA Series CLI Configuration Guide
1-12
shows a typical intra-switch configuration.
Intra-Switch Failover
Internet
VLAN 100
VLAN 200
Failover VLAN 10
State VLAN 11
VLAN 201
Inside
shows a typical switch and ASASM redundancy configuration. The trunk between the two
Chapter 1
Standby
ASASM
Information About Failover