01-19-2010 08:43 AM - edited 03-11-2019 09:58 AM
We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby). The new site will be primary, and the previous site will be failover. We want to have one IP for users to VPN into, regardless of which site is 'up'. Can ASAs do this? I've enclosed a pic (public IPs replaced) to clarify. Any comments or info is greatly appreciated.
01-19-2010 08:57 AM
Jbiederstedt wrote:
We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby). The new site will be primary, and the previous site will be failover. We want to have one IP for users to VPN into, regardless of which site is 'up'. Can ASAs do this? I've enclosed a pic (public IPs replaced) to clarify. Any comments or info is greatly appreciated.
John
As far as I know this cannot be done because you can only have 2 firewalls in a failover pair. You cannot use 3 firewalls in the same failover group.
You could run active/standby between the 2 sites as long as you have a L2 link between the sites, which it looks like you do, but then you would only have one ASA in each location.
Jon
01-19-2010 10:34 PM
You can use a VPN cluster.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1571553