HSRP configuration question

Unanswered Question
Apr 27th, 2009


our customer have 2 cisco routers 2811 for internet and 2 ASA firewalls . Also the customer has 2M leased line from the ISP for internet . our customer will get another internet line from the same ISP to be used as a backup for the main line.

if i want to configure HSRP between the two internet routers and configuring the firewalls for failover , does that need to use 5 real ip addresses on the routers and firewalls interfaces or not???

Another guestion :

if the backup line is obtained from different ISP , can i configure HSRP on the routers??

waiting your replies



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lamav Mon, 04/27/2009 - 14:51

Hi, Mo:

You can run the PIX outside interfaces and the router's HSRP group off the same subnet.

The PIX will default to the router's HSRP VIP.

The primary router will be the HSRP primary and you will track the WAN interface. If the WAN link goes down, the HSRP secondary will become the primary, and the PIX will still be pointing to the right address, which is the HSRP VIP.

This is one way to do it...

Configuring HSRP on the LAN interfaces of your Internet routers has nothing to do with who provides your WAN links.



mohamed_makled Mon, 04/27/2009 - 15:14

Dear victor

Thanks for your reply .

please note that if i get two internet lines from two different ISPs , each ISP will give me a different subnet of real ip addresses.

for example:

ISP1 : 62.x.x.70/27

ISP2 : 82.x.x.60/27

These addresses should be used on the LAN interfaces of the internet routers and the outside interfaces of the firewalls (Firewalls are considered as VPN gateways).

So, how can i configure HSRP on the routers in this setup??

lamav Mon, 04/27/2009 - 15:40

I see what you mean.

Why do you need to use the SP-assigned block of addresses for the inside LAN interfaces of the Internet routers and the PIX outside interfaces? Is there a requirement for this?

Why cant you just use the SP-provided address for your one WAN connection to them, and use internals for everything else?



This Discussion