I have an ASA with subinterfaces/VLANs for the DMZ. The DMZ network has a single switch with no layer-3 VLANs in it. The devices that were connected to this switch were down the other day due to a switch hardware failure. Is there a way I can make sure that these devices plugged into the switch(es) can stay up even if one switch dies?
Say I have two ASAs... When the switch of the primary ASA goes down, does the primary fail over to the secondary, and do all those devices then go through the secondary?
Also, by "dual homed" do you mean network card teaming?
If you have 2 ASAs you would set it up as follows:
connect ASA1 to switch1 (SW1)
connect ASA2 to switch2 (SW2)
connect SW1 to SW2 with either a L2 trunk or a L2 access port, depending on whether you are running multiple VLANs on your DMZ switches.
Let's assume it is connected as above and ASA1 is the active firewall. SW1 is the switch that has the active NICs connected to it. Dual homed simply means each server has 2 NICs, one active and the other in standby mode.
1) Failure of the active server NIC - the server makes its other NIC active. This is connected to SW2. Traffic flows to SW2, across the link to SW1 and then to ASA1, which is the active firewall.
2) Failure of SW1 - the firewall fails over and ASA2 becomes active. The server NICs to SW2 also become active, as SW1 has failed.
3) Failure of ASA1 - ASA2 takes over. The active NICs are still connected to SW1, so traffic goes from the servers to SW1, across to SW2 and to ASA2.
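Scenario 2 above only works if the ASA pair actually notices that its DMZ interface has lost its switch. Active/standby failover on its own reacts to the peer unit dying, not to a dead downstream switch; for that the DMZ interface has to be monitored, which in turn needs a standby IP address on the interface so the two units can probe each other through the SW1-SW2 link. The configuration below is an added example, not the poster's or the answerer's config: interface names, VLAN 10, the addresses and the failover key are placeholders chosen for illustration.

```text
! ===== ASA1 (primary unit) =====
! Physical DMZ interface carries 802.1Q subinterfaces, so it has no nameif itself
interface GigabitEthernet0/1
 no nameif
 no shutdown
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif dmz
 security-level 50
 ! The standby address is required for interface monitoring to work
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! Dedicated failover link between the two ASAs (direct cable or its own VLAN),
! deliberately NOT carried over SW1/SW2 so a DMZ switch failure cannot
! also sever the failover link
interface GigabitEthernet0/3
 description failover link to ASA2
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover link FOLINK GigabitEthernet0/3
failover key <shared-secret>
!
! Interface health monitoring: this is what turns "SW1 died" into a failover.
! Hellos between the active and standby dmz addresses cross the SW1-SW2 trunk;
! when ASA1 stops hearing them on dmz it fails the interface and hands over.
monitor-interface dmz
failover polltime interface 1 holdtime 5
failover
!
! ===== ASA2 (secondary unit) =====
! Only the failover bootstrap differs; interface config is replicated from ASA1
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover link FOLINK GigabitEthernet0/3
failover key <shared-secret>
failover
!
! ===== SW1 and SW2 (the L2 trunk from step 3 of the answer) =====
! Assumed IOS-style switch; the trunk must carry every DMZ VLAN the ASA
! subinterfaces use, otherwise the standby unit cannot see the monitored interface
interface GigabitEthernet1/0/24
 description trunk to other DMZ switch
 switchport mode trunk
 switchport trunk allowed vlan 10
```

After enabling this, `show failover` on either unit should list `dmz` under "Interface" with state Normal (Monitored); if it shows "No Link" or "Unknown" on the standby, the SW1-SW2 trunk is not carrying VLAN 10 and a switch failure will take the DMZ down without triggering failover. Note that the standby unit only becomes active; a server whose active NIC was on SW1 still depends on its own NIC teaming to move to SW2, exactly as scenario 2 describes.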