5510 Wan Failover

Unanswered Question
Oct 30th, 2008
User Badges:

Hi -

I recently purchased 2 ASA 5510's. I also have two ISP connections. How do i configure the two devices to perform WAN failover for each other? I have read the documents online but the active/active failover document seems to apply only to LAN based failover, not WAN based. Thanks.


Cris

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
guibarati Thu, 10/30/2008 - 12:18
User Badges:
  • Bronze, 100 points or more

LAN based means that the exchange of information between two ASAs will be done through the LAN, (instead of the old failover cable, available only for PIX).



ccabacungan Thu, 10/30/2008 - 12:29
User Badges:

sorry - yes, you are absolutely right on. let me clarify my question - I have 2 isp's. if i configure the 2 ASA's according to the cisco docs (active/active failover) with 2 security context - if ISP1 goes down, then the security context using ISP1 will also go down because the standby IP is also using the same ISP - which is exactly what i don't want.

guibarati Thu, 10/30/2008 - 17:48
User Badges:
  • Bronze, 100 points or more

You can install, ISP1 in the two contexts of ASA1 and ISP2 in the two contexts of ASA2.

Leave context1 active in ASA1 and standby in the ASA2 and vice-versa. So If One ISP goes down the context will go down on that ASA but will be active in the other one.


Some more things to consider. Why would you still use this context if the ISP is down?


Other very important thing, usually when ISP connection goes down it's not the directly connected ASAs interface, so, for ASA the "ISP" will be always UP, will goes down only if it's ethernet port goes down.


I trully recomend you using a router to the ISP redundancy, with router protocol or RTR.


Actions

This Discussion