Hi:
I have an ASG-320 appliance, V 8.302, and am trying to implement two things (one at a time).
Part one is to do high availability/failover. I just got a second ASG-320. From all I've read thus far, it's pretty much plug & play (or pray).
I've tried it, and it kills all the DNAT/SNAT's I've got. Are there tricks to implementing the HA with DNAT/SNAT, or was I impatient and just didn't give it enough time? Also seems the ports go down. I can't connect to it internally, etc. Also CPU utilitization goes to 100%. Patience?
Second part of the question - We have two buildings, across the street from each other, with our own fiber between the building. I have a Cisco network, doing VLAN's between the buildings with multiple trunks, and with our internet connection going out of one.
What I want to do is put the second ASG-320 in the other building, so if there is a disaster, etc. in the first building there is a good change the second ASG is surviving. Another part to our disaster planning is putting in a second internet connection, from a different ISP, terminating in the second building (another day), with I'm sure many more questions. But...
Question is what connectivity do I need between the HA ports on the two ASG's? Will they connect through the switches, or two fiber transcievers and their own fiber? If dedicated fiber, would 10 M connection be adequate or is a 100M needed? I see where you can put in a backup interface for the HA path. Assuming that a good idea?
Another part of the question is what criteria is used for the second ASG to take over. Is it losing the heartbeat? What if the backup box loses one of it's links but the primary is still working? Is it possible the two could get into a fight as to who is active?
Sorry for the long post.
THANKS !!!
I have an ASG-320 appliance, V 8.302, and am trying to implement two things (one at a time).
Part one is to do high availability/failover. I just got a second ASG-320. From all I've read thus far, it's pretty much plug & play (or pray).
I've tried it, and it kills all the DNAT/SNAT's I've got. Are there tricks to implementing the HA with DNAT/SNAT, or was I impatient and just didn't give it enough time? Also seems the ports go down. I can't connect to it internally, etc. Also CPU utilitization goes to 100%. Patience?
Second part of the question - We have two buildings, across the street from each other, with our own fiber between the building. I have a Cisco network, doing VLAN's between the buildings with multiple trunks, and with our internet connection going out of one.
What I want to do is put the second ASG-320 in the other building, so if there is a disaster, etc. in the first building there is a good change the second ASG is surviving. Another part to our disaster planning is putting in a second internet connection, from a different ISP, terminating in the second building (another day), with I'm sure many more questions. But...
Question is what connectivity do I need between the HA ports on the two ASG's? Will they connect through the switches, or two fiber transcievers and their own fiber? If dedicated fiber, would 10 M connection be adequate or is a 100M needed? I see where you can put in a backup interface for the HA path. Assuming that a good idea?
Another part of the question is what criteria is used for the second ASG to take over. Is it losing the heartbeat? What if the backup box loses one of it's links but the primary is still working? Is it possible the two could get into a fight as to who is active?
Sorry for the long post.
THANKS !!!