I have a question regarding ASA failover pair connection. The inside and outside interfaces (no DMZ) need to be connected via an L2 switch, and via a LAN-based cable. My question: is it possible to use the same switch for connecting the ASA interfaces? Please look at the attached file. The inside interfaces of both ASAs are connected to ports in the same VLANs, an additional port (trunk) is connected to a Cisco 6500, and OSPF is configured. Also, the same is with the outside interfaces of both ASAs.
Yes, you are right, it is still a single point of failure. The idea would be to have one inside interface to one switch and the other inside interface to another switch, and the same for the outside.
You could, if you wanted, use the same physical switches, and so you need 2 switches, each with 2 VLANs, although quite often designs use separate switches for the outside interfaces.
It all depends on the level of redundancy you need.
Yes, you can do this if you want to, although I would question why you want to do this. The problem is you have redundant firewalls but are only connecting to one switch, so your Catalyst 2960/3560 is now a single point of failure.
Seems wrong to have redundant firewalls hanging off one switch.