01-30-2008 12:11 PM
All,
ASA5510 with gig0/0 to Internet. Gig0/1 -> Inside network. In the LAN I have qty#2 3560 with enhanced image and servers with dual NIC for redundancy.
I want to VLAN the n/w and use OSPF as the routing protocol. I am planning to create an EtherChannel between the 2 switches and run OSPF also.
Planning to have HSRP failover for Servers from Switch1 to switch2.
Now from Switch1, port1 connects to ASA gig 0/1, but in case SW1 fails, with HSRP functioning, SW2 will take over the traffic. How can the servers go online dynamically?
Thanks in advance
MS
01-31-2008 02:44 PM
Mehboob,
Looking at your topology and your concern, I would recommend having your ASA5510 inside interface participate in OSPF as well, and having the ASA5510 inject a default route downstream to your OSPF neighbors, which are your switches.
Your servers' default gateway will be your defined HSRP IP address on your SVI interfaces in the switches. If SW1 fails, the servers will continue connectivity provided by HSRP, and as indicated before, your default route will be injected by the ASA firewall via the default information originate statement in the ASA and continue outbound Internet connectivity.
Rgds
Jorge
02-01-2008 07:12 AM
Hi Jorge,
Thank you for your reply. But at this time SW2 is not directly connected to the ASA. Yesterday, I completed the VLANs and here is the existing scenario:
Vlan10: Network management1
Vlan15: Servers
Vlan20: ILO
SW1 gig0/10 -- Vlan 10 --> ASA gig0/1
SW1 & SW2 --> EtherChannel via gig 0/47 & 0/48
SW1 & SW2: have HSRP for Vlan15, and 10.10.10.1 is the HSRP IP for all servers.
SW1 is the active switch/gateway.
SW1 & SW2 have OSPF enabled with networks for the VLANs, and the default route points to the ASA Inside interface.
ASA: enabled with OSPF (with its gig0/1 interface info only) and learning servers via OSPF.
So as of now only the SW1 port is connected to the ASA. In case SW1 fails, how can I use/configure SW2 for automatic failover?
I have 2 interfaces on the ASA available for use.
I may be wrong, but here is what I am thinking:
*************************************
1. Create another VLAN on 3560-S2, ex: Vlan11
2. Configure ASA gig0/2 with IP 10.10.11.4 255.255.255.0 and with the same security level as Inside
3. Connect gig0/2 on the ASA to the 3560-S2 Vlan11 port.
4. Configure OSPF on the ASA with 10.10.11.4 information and 'nat' statement on the ASA
5. Configure another static route on 3560-S2 as:
ip route 0.0.0.0 0.0.0.0 10.251.26.4 200
******************************************
Will you please review and advise on the best way, with the necessary commands for the ASA.
Thank you in advance
MS
02-05-2008 07:15 PM
Any takers...???
Thank you
MS