Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
3
Helpful
6
Replies

ASA failover design and configuration help needed !!!

balaji090
Level 1
Level 1

‎09-13-2009 08:14 PM - edited ‎03-11-2019 09:14 AM

Hi Any one if they could help me here on the mentioned design below it would be of gr8 help.The wan connectivity is Active,Passive !!

the things I would like to know is.

***I want to configure the ASA and the router for high availablility. DO i need to bring in the switch between the ASA's and the router 2851.If so how do i do that ? Do i need to put 2851's and the ASA's in the same vlan? or lil confused on that .....

*** Also I need some help on the asa configuration Part .

Labels:
Preview file
24 KB
0 Helpful
6 Replies 6

apdatasoft
Level 1
Level 1

‎09-13-2009 08:59 PM

Hi Balaji,

I suggest two L3 switches in between the ASA and the 2851 router. Run a HSRP between the two switches for Redundacy (Full Pledged redundancy on the WAN edge). Run a dynamic routing protocol (EIGRP or OSPF if OSPF supported by the IOS: choice is urs) inbetween the routers, switches and ASA. Please have a look at the diagram i have attached. U could be more clear.

Regards

AP

Preview file
89 KB

balaji090
Level 1
Level 1
In response to apdatasoft

‎09-13-2009 10:09 PM

Hi Ap ,

I dont have a L3 switch to place it inbetween the 2851 and ASA ......

Can I use the L2 instead ?

in that case Will i be able to run HSRP ?

0 Helpful

apdatasoft
Level 1
Level 1
In response to balaji090

‎09-13-2009 10:28 PM

Yes,

L2 switch can be used instead of L3 switches. Interlink the L2 swithces with trunk, so that the routers understand for building HSRP.

Regards

AP

0 Helpful

balaji090
Level 1
Level 1
In response to apdatasoft

‎09-13-2009 11:19 PM

Hey AP thanks a lot for your respone on this !!!

Well if i have to configure the HSRP that would be on the router interface if I am not wrong ....then how would the asa failover work ??

id :balaji.rajesh@gmail.com

0 Helpful

apdatasoft
Level 1
Level 1
In response to balaji090

‎09-13-2009 11:51 PM

Hi Balaji,

Yes HSRP on the Routers interfaces connected to L2 swithces. ASA's also should be interconnected using a cross cable as per the diagram attached (Tip: u can use the management interfaces of the ASA to create failover interface).

Regards

AP

Preview file
89 KB
0 Helpful

balaji090
Level 1
Level 1
In response to apdatasoft

‎09-24-2009 11:05 PM

Hi In this design I have the 2851 router connecting to the wan has etheret interface can I track this ?? in HSRP i guess we can do the tracking only for serial

any solution for the ethernet ???

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card