ASA 8.x Active/Standby and EIGRP

Answered Question

Hi! I try to implement HA-configuration with two ASA and two 2821 routers.


! [ASA-1] [2821] !

![Local] < >< >[ISP]!

! [ASA-2] [2821] !


Is it correct configuration?

1) Configure EIGRP on every 2821 to distribute default gw from ISP to ASA

2) Configure EIGRP on every ASA

3) In Active/Standby mode standby ASA don't participate in routing process and don't forward traffic.


Do you know cisco's documents about HA-design with ASA 8.0 and EIGRP?

Correct Answer by mbroberson1 about 8 years 4 months ago

[email protected],


I would just forget both the EIGRP, and HSRP unless there is some real underlying reason you need thes for this particular type of setup. You don't need either HSRP or EIGRP for Active/standby config. The attached config snippet is all there is to this setup, of course you would simpy add your default static route such as "route outside 0.0.0.0 0.0.0.0 . Let me know if this helps!


Thanks,

Brandon



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mbroberson1 Thu, 11/20/2008 - 07:46
User Badges:

Are you just trying to implement active/standy with you 2 ASA's and your internet router is attached to the "outside" interface's of the ASA's? If this is so then the configuration is relatively easy. I am not sure I understand where EIGRP comes into the picture?

Correct Answer
mbroberson1 Fri, 11/21/2008 - 05:30
User Badges:

[email protected],


I would just forget both the EIGRP, and HSRP unless there is some real underlying reason you need thes for this particular type of setup. You don't need either HSRP or EIGRP for Active/standby config. The attached config snippet is all there is to this setup, of course you would simpy add your default static route such as "route outside 0.0.0.0 0.0.0.0 . Let me know if this helps!


Thanks,

Brandon



mbroberson1 Fri, 11/21/2008 - 05:34
User Badges:

Oh,


One more thing. You will just connect a crossover cable between the 2 ASA's and your set! You can test the failover by performing a "failover active" from the secondary ASA, or a "no failover active" from the primary ASA.


Thanks,

Brandon

Actions

This Discussion