Active active firewall

Unanswered Question
Nov 5th, 2009

Hi all

the scenario is

ASA-- --R1(Public subnet 1)---

-------Switch---------------------ISP1

ASA-- --R2(Public subnet 2)---

What is the best way to achieve redundancy with both firewalls in active/active mode, connected to the switch, and 2 routers connected to 1 ISP?

mcroberts Tue, 11/10/2009 - 10:20

In this scenario, you would have some logical separation of traffic. Let's take all LAN traffic. This will flow to Context A. The inside interface of this context would need to be set as the default gateway for all of the connected devices. Now, let's say you also have a wireless network as well. You can send all of that traffic to Context B, making its inside interface your default gateway.

Now, you have your multiple contexts built. When setting up your failover, you would create failover groups on your admin context for context A and B. For context A, you would create the primary ASA as active and the standby ASA as standby. For the other context, you would create the standby ASA as active and the primary ASA as standby.

You now are sending active traffic through each firewall and each context can send all traffic to your single ISP as its default gateway.
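
The failover-group layout described in this reply, as an added configuration example that is not part of the original post. It is entered in the system execution space of the primary unit, which is assumed to be in multiple context mode with an admin context already defined; the context names, interface names, addresses and file paths are assumptions.

```cisco
! Constructed example: all names, interfaces and addresses are assumptions.
! System execution space, primary unit, multiple context mode ("mode multiple").

! Dedicated failover link between the two units
interface GigabitEthernet0/4
  no shutdown
failover lan unit primary
failover lan interface folink GigabitEthernet0/4
failover link folink GigabitEthernet0/4
failover interface ip folink 10.255.255.1 255.255.255.252 standby 10.255.255.2
! Shared secret that authenticates and encrypts failover traffic (placeholder)
failover key <shared-secret>

! Group 1 prefers the primary unit, group 2 prefers the secondary unit
failover group 1
  primary
  preempt
failover group 2
  secondary
  preempt

! Context A: LAN traffic, active on the primary unit
context ctxA
  allocate-interface GigabitEthernet0/0
  allocate-interface GigabitEthernet0/1
  config-url disk0:/ctxA.cfg
  join-failover-group 1

! Context B: wireless traffic, active on the secondary unit
context ctxB
  allocate-interface GigabitEthernet0/2
  allocate-interface GigabitEthernet0/3
  config-url disk0:/ctxB.cfg
  join-failover-group 2

! Enable failover only after the groups and contexts are in place
failover
```

The secondary unit gets the same failover link commands with `failover lan unit secondary` and the same key, then receives the rest of the configuration by replication. `show failover` on either unit shows which unit is active for each group.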
