Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
269
Views
0
Helpful
3
Replies

HSRP configuration question

mohamed_makled
Level 1
Level 1

‎04-27-2009 02:02 PM - edited ‎03-04-2019 04:32 AM

Hi

our customer have 2 cisco routers 2811 for internet and 2 ASA firewalls . Also the customer has 2M leased line from the ISP for internet . our customer will get another internet line from the same ISP to be used as a backup for the main line.

if i want to configure HSRP between the two internet routers and configuring the firewalls for failover , does that need to use 5 real ip addresses on the routers and firewalls interfaces or not???

Another guestion :

if the backup line is obtained from different ISP , can i configure HSRP on the routers??

waiting your replies

regards

Mohamed

Labels:
0 Helpful
3 Replies 3

lamav
Level 8
Level 8

‎04-27-2009 02:51 PM

Hi, Mo:

You can run the PIX outside interfaces and the router's HSRP group off the same subnet.

The PIX will default to the router's HSRP VIP.

The primary router will be the HSRP primary and you will track the WAN interface. If the WAN link goes down, the HSRP secondary will become the primary, and the PIX will still be pointing to the right address, which is the HSRP VIP.

This is one way to do it...

Configuring HSRP on the LAN interfaces of your Internet routers has nothing to do with who provides your WAN links.

HTH

Victor

0 Helpful

mohamed_makled
Level 1
Level 1
In response to lamav

‎04-27-2009 03:14 PM

Dear victor

Thanks for your reply .

please note that if i get two internet lines from two different ISPs , each ISP will give me a different subnet of real ip addresses.

for example:

ISP1 : 62.x.x.70/27

ISP2 : 82.x.x.60/27

These addresses should be used on the LAN interfaces of the internet routers and the outside interfaces of the firewalls (Firewalls are considered as VPN gateways).

So, how can i configure HSRP on the routers in this setup??

0 Helpful

lamav
Level 8
Level 8
In response to mohamed_makled

‎04-27-2009 03:40 PM

I see what you mean.

Why do you need to use the SP-assigned block of addresses for the inside LAN interfaces of the Internet routers and the PIX outside interfaces? Is there a requirement for this?

Why cant you just use the SP-provided address for your one WAN connection to them, and use internals for everything else?

Victor

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card