We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby). The new site will be primary, and the previous site will be failover. We want to have one IP for users to VPN into, regardless of which site is 'up'. Can ASAs do this? I've enclosed a pic (public IPs replaced) to clarify. Any comments or info is greatly appreciated.
Jbiederstedt wrote:
We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby). The new site will be primary, and the previous site will be failover. We want to have one IP for users to VPN into, regardless of which site is 'up'. Can ASAs do this? I've enclosed a pic (public IPs replaced) to clarify. Any comments or info is greatly appreciated.
John
As far as i know this cannot be done because you can only have 2 firewalls in a failover pair. You cannot use 3 firewalls in the same failover group.
You could run active/standby between the 2 sites as long as you have a L2 link between the sites which it looks like you do but then you would only have one ASA in each location.
Jon
