ASA 8.0 redundant interfaces

Unanswered Question
Jul 9th, 2008


i have successfully tested interface failover in version 8.0 of the ASA code; used with 2 switches to help in the event of switch failure

but given i currently use all 4 interfaces (outside, inside, DMZ1, DMZ2) i would require a total of 8 to provide full interface redundancy in this case

clearly i could buy a 4 port module in this case but i was wondering if there is any other way of doing it;

possibly using a trunk link for all 4 vlans into gigabitethernet0/0 and using gigabitethernet0/1 as the redundant interface for the trunk link of the 4 vlans.

is this possible? is there a more obvious solution than this?

please help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
a.alekseev Wed, 07/09/2008 - 03:10

If you need more interfaces there is no sense to buy additional card.

Use VLAN's

Magnus Mortensen Fri, 07/11/2008 - 20:42

Its easy...

Step1) Create a redundant interface based off of two physical interfaces... lets call that interface Redundant1....

Step2) Create subinterfaces off of Redundant1 for the inside, outside and DMZ's.

interface Redundant1.10

nameif inside

yadda yadda yadda...

Make sense?

mikedelafield Thu, 07/31/2008 - 21:30

Hi thanks for your reply.

so i am to create a redundant interface for the Physical pair of interfaces rather than redundant interfaces for each of the various physical sub-interfaces?

Or will both work?

What is the difference with both approaches?

nikuhappy2010 Thu, 07/31/2008 - 23:06

Hi, Request to you, please post all configuration as a example so that I can understand in better way. It will be greatful for us. Thanks.

mikedelafield Fri, 08/01/2008 - 00:54

I have no configuration yet as i have not decided on the plan.

I am using 3 interfaces on 1 single ASA 5520 (total of 4 interfaces)

Inside, Outside, DMZ

However i have 2 switches and in the event of switch failure i would like connectivity to the firewall to remain.

Hence the idea to use a redundant interface with subinterfaces??

dphills18 Mon, 10/27/2008 - 20:52

when i try to configure redundant sub interfaces, i receive the following error.

ASA1(config)# interface Redundant 1.2


ERROR: % Invalid input detected at '^' marker.


anyone have any suggestions


This Discussion