This is a multi-part message in MIME format.

--===============1562120755==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C6E73F.CEB47C9E"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C6E73F.CEB47C9E
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello all,

We have 2 Cisco ASA5520 with AIP-SSM-20 that will be replacing two PIX
515s.

We'd like to configure the two ASA in Active/Active failover mode which
requires the use of multiple contexts and 2 failover groups. The
interfaces we'll be using will be inside, outside, dmz1, dmz2, dmz3. I'm
wondering if I should assign interface inside and outside to context1
and dmz1/dmz2/dmz3 to context2, then put context1 on asa1 in failover
group1 and context2 on asa1 in failover group2 (and vice versa on asa2).
Is there a better way to do it? Obviously interface inside and outside
will be heavily used whereas the dmz interfaces will produce less
traffic, so asa1/failover group1 which is configured with interface
inside and outside will be used more heavily then asa2 which passes
traffic only for the three dmzs. Does anybody here have any experience
with setting up the ASA in a similar scenario? If so could you share
your experience with us please? What's the best practice and what are
some questions I should ask myself?

Thanks in advance.

=20

--

Rossella

=20


------_=_NextPart_001_01C6E73F.CEB47C9E
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=3D"urn:schemas-microsoft-comfficeffice" =
xmlns:w=3D"urn:schemas-microsoft-comffice:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">









style=3D'font-size:10.0pt;
font-family:Tahoma'>Hello all,>>



style=3D'font-size:10.0pt;
font-family:Tahoma'>We have 2 Cisco ASA5520 with AIP-SSM-20 that will be
replacing two PIX 515s.>>



style=3D'font-size:10.0pt;
font-family:Tahoma'>We’d like to configure the two ASA in =
Active/Active
failover mode which requires the use of multiple contexts and 2 failover =
groups.
The interfaces we’ll be using will be inside, outside, dmz1, dmz2, =
dmz3.
I’m wondering if I should assign interface inside and outside to =
context1
and dmz1/dmz2/dmz3 to context2, then put context1 on asa1 in failover =
group1
and context2 on asa1 in failover group2 (and vice versa on asa2). Is =
there a
better way to do it? Obviously interface inside and outside will be =
heavily
used whereas the dmz interfaces will produce less traffic, so =
asa1/failover
group1 which is configured with interface inside and outside will be =
used more
heavily then asa2 which passes traffic only for the three dmzs. Does =
anybody
here have any experience with setting up the ASA in a similar scenario? =
If so
could you share your experience with us please? What’s the best =
practice
and what are some questions I should ask =
myself?>>



style=3D'font-size:10.0pt;
font-family:Tahoma'>Thanks in advance.>>



style=3D'font-size:10.0pt;
font-family:Tahoma'>>



style=3D'font-size:10.0pt;
font-family:Tahoma'>-->>



style=3D'font-size:10.0pt;
font-family:Tahoma'>Rossella
face=3DTahoma> style=3D'font-size:10.0pt;font-family:Tahoma'>>> p>

style=3D'font-size:
12.0pt'>>









------_=_NextPart_001_01C6E73F.CEB47C9E--

--===============1562120755==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1562120755==--