Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1928
Views
0
Helpful
2
Replies

redundant Links with asa firewall

naresh-poojary
Level 1
Level 1

‎12-29-2008 04:15 AM - edited ‎03-06-2019 03:10 AM

Hi,

I am planning to implement have a collapsed core architecture with two core switch connected to two asa firewall. Can somebody guide me on the High availibility options that i have. Can i have two links connecting to a single asa firewall originating from both the core switch.

Labels:
Preview file
35 KB
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎12-29-2008 04:28 AM

Naresh

"Can i have two links connecting to a single asa firewall originating from both the core switch."

This is not typically what you would do. 2 interfaces on the same ASA cannot be in the same IP subnet and so the interfaces would need to be in different subnets.

If you want to use active/standby as shown in your diagram then you would be better off removing the cross connects between the core switches and the ASA firewalls so core1 connects to ASA1 and core2 connects to ASA2 on the inside interfaces of the ASA's. You still need to have a separate pair of interfaces for stateful failover.

Then assuming ASA1 is active

1) if core1 dies ASA2 becomes active

2) if the link from core1 to ASA1 goes down ASA2 becomes active

This assumes that the link between your 2 core switches is a L2 trunk. If it is L3 routed link then the above would not apply.

Jon

0 Helpful

bilousand
Level 1
Level 1

‎12-29-2008 05:19 AM

VSS is probably an option if core devices are 65xx.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card