ASA failover design and configuration help needed !!!

Unanswered Question
Sep 13th, 2009

Hi Any one if they could help me here on the mentioned design below it would be of gr8 help.The wan connectivity is Active,Passive !!

the things I would like to know is.

***I want to configure the ASA and the router for high availablility. DO i need to bring in the switch between the ASA's and the router 2851.If so how do i do that ? Do i need to put 2851's and the ASA's in the same vlan? or lil confused on that .....

*** Also I need some help on the asa configuration Part .

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
apdatasoft Sun, 09/13/2009 - 20:59

Hi Balaji,

I suggest two L3 switches in between the ASA and the 2851 router. Run a HSRP between the two switches for Redundacy (Full Pledged redundancy on the WAN edge). Run a dynamic routing protocol (EIGRP or OSPF if OSPF supported by the IOS: choice is urs) inbetween the routers, switches and ASA. Please have a look at the diagram i have attached. U could be more clear.



balaji090 Sun, 09/13/2009 - 22:09

Hi Ap ,

I dont have a L3 switch to place it inbetween the 2851 and ASA ......

Can I use the L2 instead ?

in that case Will i be able to run HSRP ?

apdatasoft Sun, 09/13/2009 - 22:28


L2 switch can be used instead of L3 switches. Interlink the L2 swithces with trunk, so that the routers understand for building HSRP.



apdatasoft Sun, 09/13/2009 - 23:51

Hi Balaji,

Yes HSRP on the Routers interfaces connected to L2 swithces. ASA's also should be interconnected using a cross cable as per the diagram attached (Tip: u can use the management interfaces of the ASA to create failover interface).



balaji090 Thu, 09/24/2009 - 23:05

Hi In this design I have the 2851 router connecting to the wan has etheret interface can I track this ?? in HSRP i guess we can do the tracking only for serial

any solution for the ethernet ???


This Discussion