dual asa failover on dual cores using routed interfaces instead of HSRP

Unanswered Question
Dec 3rd, 2009

using dual core 6509s, can failover be configured on both asa's when using routed interfaces on the core switches instead of using HSRP and L3 vlan?

is there a config / white paper on how to configure this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
resoares Thu, 12/03/2009 - 10:45

Hi,

Take a look at the following link:

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

It is possible to configure ip sla on ASA or if you prefer a routing protocol like OSPF between ASA and 6500.

The link below explains how to configure IGPs on ASA:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html

Br,

Jon Marshall Thu, 12/03/2009 - 10:40

tsrader wrote:

using dual core 6509s, can failover be configured on both asa's when using routed interfaces on the core switches instead of using HSRP and L3 vlan?

is there a config / white paper on how to configure this?

Probably need a bit more info to understand exactly how you want to set it up but the key point to rememeber is that failover requires L2 adjacency between the 2 ASAs because each corresponding interface on both the active/standby firewalls are in the same subnet.

By the sounds of it you are not proposing to have L2 adjacency beween the ASA devices ?

Jon

Actions

This Discussion