ASA 8.x Active/Standby and EIGRP

Answered Question
Nov 20th, 2008
User Badges:

Hi! I try to implement HA-configuration with two ASA and two 2821 routers.


! [ASA-1] [2821] !

![Local] < >< >[ISP]!

! [ASA-2] [2821] !


Is it correct configuration?

1) Configure EIGRP on every 2821 to distribute default gw from ISP to ASA

2) Configure EIGRP on every ASA

3) In Active/Standby mode standby ASA don't participate in routing process and don't forward traffic.


Do you know cisco's documents about HA-design with ASA 8.0 and EIGRP?

Correct Answer by mbroberson1 about 8 years 8 months ago

paa@logis,


I would just forget both the EIGRP, and HSRP unless there is some real underlying reason you need thes for this particular type of setup. You don't need either HSRP or EIGRP for Active/standby config. The attached config snippet is all there is to this setup, of course you would simpy add your default static route such as "route outside 0.0.0.0 0.0.0.0 . Let me know if this helps!


Thanks,

Brandon



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mbroberson1 Thu, 11/20/2008 - 07:46
User Badges:

Are you just trying to implement active/standy with you 2 ASA's and your internet router is attached to the "outside" interface's of the ASA's? If this is so then the configuration is relatively easy. I am not sure I understand where EIGRP comes into the picture?

paa@logis Thu, 11/20/2008 - 21:51
User Badges:

Yes, I try to implement active/standby config. Internet routers are connected to ASA's outside interface. I try to provide redundancy connection of ASA to ISP trought my two routers, I don't want to use HSRP between them, so I think that EIGRP is much better than HSRP.

Correct Answer
mbroberson1 Fri, 11/21/2008 - 05:30
User Badges:

paa@logis,


I would just forget both the EIGRP, and HSRP unless there is some real underlying reason you need thes for this particular type of setup. You don't need either HSRP or EIGRP for Active/standby config. The attached config snippet is all there is to this setup, of course you would simpy add your default static route such as "route outside 0.0.0.0 0.0.0.0 . Let me know if this helps!


Thanks,

Brandon



mbroberson1 Fri, 11/21/2008 - 05:34
User Badges:

Oh,


One more thing. You will just connect a crossover cable between the 2 ASA's and your set! You can test the failover by performing a "failover active" from the secondary ASA, or a "no failover active" from the primary ASA.


Thanks,

Brandon

Actions

This Discussion