Active active firewall

Nov 5th, 2009
Hi all


the scenario is


ASA-- --R1(Public subnet 1)---

-------Switch---------------------ISP1

ASA-- --R2(Public subnet 2)---


What is the best way to achieve redundancy, with both firewalls in active-active mode connected to the switch and 2 routers connected to 1 ISP?

mcroberts Tue, 11/10/2009 - 10:20

In this scenario, you would have some logical separation of traffic. Let's take all LAN traffic. This will flow to Context A. The inside interface of this context would need to be set as the default gateway for all of the connected devices. Now, let's say you also have a wireless network as well. You can send all of that traffic to Context B, making its inside interface your default gateway.


Now, you have your multiple contexts built. When setting up your failover, you would create failover groups on your admin context for context A and B. For context A, you would create the primary ASA as active and the standby ASA as standby. For the other context, you would create the standby ASA as active and the primary ASA as standby.


You now are sending active traffic through each firewall and each context can send all traffic to your single ISP as its default gateway.
