1. Why I'd need failover license for two ASA appliances? Wouldn't those just work independently, or does one ASA have to autosense that it's workmate lost the Internet link and thus ask it to "failover to me"? :-) The failover works by having the two units in either active/active or active/standby. Incase of active/standby the standby unit become active on sensing the failure of an interface eg via shutdown or unplugging on the active unit, this would therefore not work for lost Internet link since these would not necessarily be a physical failure of the interface. Active/Active load balances traffic across the two units but it must be setup with multiple context. 2. How do I enable those two features? I have two ISPs (DSL and SDSL). I'd like to terminate both on the ASA and let the device handle cases where one link goes down. You'd need BGP to have this, a feature not available on ASA. 3. I think requiring a Cisco Router for my situation would be an overkill when I already have ASA. Am I just being an anti-nyita, guys? You could do it on freeBSD with Quagga. Not sure about the Dual ISPs : Disabled. I have not seen it on the ASA I have worked with. -----Original Message----- From: Odhiambo Washington <odhiambo@gmail.com> Reply-to: Skunkworks Mailing List <skunkworks@lists.my.co.ke> To: Skunkworks forum <skunkworks@lists.my.co.ke> Subject: [Skunkworks] Local Cisco Vendors Date: Thu, 15 Jul 2010 18:11:08 +0300 Are there Cisco vendors in KE who will not ask a novice like me funny questions, or is it my amateurish knowledge that makes me feel this way?? I have the following output from one of the Cisco ASA I manage: <cut> Licensed features for this platform: Maximum Physical Interfaces : 8 VLANs : 3, DMZ Restricted Inside Hosts : Unlimited Failover : Disabled VPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 10 WebVPN Peers : 2 Dual ISPs : Disabled VLAN Trunk Ports : 0 This platform has a Base license. </cut> So, I have two Internet links which I'd like to terminate into the ASA (5505) and configure fail-over. From the little I've read, I require an enhanced license so that I can have the "Failover" and "Dual ISPs" features enabled, no? I have contacted a local vendor, who is telling me that <quote> Hi Odhiambo, The failover license is only applicable when you have two ASA appliance and you need High Availability on the appliance not links. If you have two internet links and you want to load balance, then you might need a Cisco router. </quote> Now, can someone tell me: 1. Why I'd need failover license for two ASA appliances? Wouldn't those just work independently, or does one ASA have to autosense that it's workmate lost the Internet link and thus ask it to "failover to me"? :-) 2. How do I enable those two features? I have two ISPs (DSL and SDSL). I'd like to terminate both on the ASA and let the device handle cases where one link goes down. 3. I think requiring a Cisco Router for my situation would be an overkill when I already have ASA. Am I just being an anti-nyita, guys? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke