dual asa failover on dual cores using routed interfaces instead of HSRP

Unanswered Question
Dec 3rd, 2009
User Badges:

using dual core 6509s, can failover be configured on both asa's when using routed interfaces on the core switches instead of using HSRP and L3 vlan?


is there a config / white paper on how to configure this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
resoares Thu, 12/03/2009 - 10:45
User Badges:
  • Cisco Employee,

Hi,



Take a look at the following link:



https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml


It is possible to configure ip sla on ASA or if you prefer a routing protocol like OSPF between ASA and 6500.


The link below explains how to configure IGPs on ASA:


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html



Br,

Jon Marshall Thu, 12/03/2009 - 10:40
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

tsrader wrote:


using dual core 6509s, can failover be configured on both asa's when using routed interfaces on the core switches instead of using HSRP and L3 vlan?


is there a config / white paper on how to configure this?


Probably need a bit more info to understand exactly how you want to set it up but the key point to rememeber is that failover requires L2 adjacency between the 2 ASAs because each corresponding interface on both the active/standby firewalls are in the same subnet.


By the sounds of it you are not proposing to have L2 adjacency beween the ASA devices ?


Jon

Actions

This Discussion