EasyManuals Logo

Cisco ASA 5540 User Manual

Cisco ASA 5540
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #266 background imageLoading...
Page #266 background image
1-2
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Cluster of ASAs
Information About ASA Clustering
How the ASA Cluster Manages Connections, page 1-15
ASA Features and Clustering, page 1-17
How the ASA Cluster Fits into Your Network
The cluster consists of multiple ASAs acting as a single unit. (See the “Licensing Requirements for ASA
Clustering” section on page 1-23 for the number of units supported per model). To act as a cluster, the
ASAs need the following infrastructure:
Isolated, high-speed backplane network for intra-cluster communication, known as the cluster
control link. See the “Cluster Control Link” section on page 1-6.
Management access to each ASA for configuration and monitoring. See the “ASA Cluster
Management” section on page 1-10.
When you place the cluster in your network, the upstream and downstream routers need to be able to
load-balance the data coming to and from the cluster using one of the following methods:
Spanned EtherChannel (Recommended)—Interfaces on multiple members of the cluster are
grouped into a single EtherChannel; the EtherChannel performs load balancing between units. See
the “Spanned EtherChannel (Recommended)” section on page 1-12.
Policy-Based Routing (Routed firewall mode only)—The upstream and downstream routers perform
load balancing between units using route maps and ACLs. See the “Policy-Based Routing (Routed
Firewall Mode Only)” section on page 1-14.
Equal-Cost Multi-Path Routing (Routed firewall mode only)—The upstream and downstream
routers perform load balancing between units using equal cost static or dynamic routes. See the
“Equal-Cost Multi-Path Routing (Routed Firewall Mode Only)” section on page 1-15.
Performance Scaling Factor
When you combine multiple units into a cluster, you can expect a performance of approximately:
70% of the combined throughput
60% of maximum connections
50% of connections per second
For example, for throughput, the ASA 5585-X with SSP-40 can handle approximately 10 Gbps of real
world firewall traffic when running alone. For a cluster of 8 units, the maximum combined throughput
will be approximately 70% of 80 Gbps (8 units x 10 Gbps): 56 Gbps.
Cluster Members
ASA Hardware and Software Requirements, page 1-3
Bootstrap Configuration, page 1-3
Master and Slave Unit Roles, page 1-3
Master Unit Election, page 1-3

Table of Contents

Other manuals for Cisco ASA 5540

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5540 and is the answer not in the manual?

Cisco ASA 5540 Specifications

General IconGeneral
Firewall Throughput650 Mbps
Maximum Firewall Connections400, 000
VPN Throughput225 Mbps
Maximum VPN Peers5, 000
High AvailabilityActive/Active, Active/Standby
IPSec VPN Throughput225 Mbps
Memory1 GB
IPS Throughput225 Mbps
Security Contexts50
Flash Memory64 MB
Form Factor1U
Power SupplyDual
Interfaces4 x 10/100/1000 Ethernet

Related product manuals