3 ASA firewalls in failover or cluster??

Unanswered Question
Feb 26th, 2008
User Badges:

We have 2 sites with 2 ASA 5520s on Site A and a 3rd ASA 5520 on Site B.

We have the 2 ASAs at Site A set as Active/Passive failover.

We would like the firewall at Site B to also be part of this failover in the event of Site A being unavailable. Is this possible?

We have a dedicated link between the 2 sites so linking the firewalls for heartbeats etc.. is not an issue.

Is this a valid setup? Is there a better way to achieve this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cdusio Thu, 02/28/2008 - 17:20
User Badges:
  • Bronze, 100 points or more

This is not possible. You're better off using routing to control ourbound routing around a failure. Use object tracking to generate the default route and redistribute into your IGP.

On the outside NAT to unique address space and you're good to go.


This Discussion