I need to deploy the following:
- 2 Cisco 2921 routers in Active/Active mode
- 2 ASA 5520 in Active/Standby mode
- Cisco 2960G switches as required
In Solution 1, I have used 3 switches.
In Solution 2, I have included redundancy at the different switch levels.
Please see attached.
My queries are as follows:
- Which solution is better?
- At the router level, I understand that if I use HSRP, there needs to be an Active router and a Standby router. If both routers need to be active, what kind of configuration needs to be done?
- In Solution 2, is the equipment correctly cabled? Are there too many links? Is there a need for a direct router-to-router or switch-to-switch connection?
- In Solution 2, each ASA 5520 will be using 5 network interfaces. The ASAs need to be equipped with the IPS module, thus the expansion slot will be used. As the ASA 5520 comes with 4 network cards, is there a way to use fewer interfaces when using this type of deployment?
- What are RAD modems (Ethernet splitter) and how can 2 RAD modems be integrated to the router cluster?
- The connectivity to the Internet will be through SHDSL. So each router will need an SHDSL interface. Will the ISP line first go to the RAD modem and then to the router?
I believe I can assist you with #2 as I have this exact setup.
If you want to use HSRP, you will need to configure multiple groups on each router, with each router having both an Active and a separate Standby group:
group 1 - Active
group 2 - Standby
group 1 - Standby
group 2 - Active
The problem I ran into is I couldn't find a way to make two default routes load balance on the ASA.
Another option is Global Load Balancing Protocol (GLBP). Under this scenario, you can have both routers active and have them load balance using a single default route from the ASAs.
Also, your second scenario will not work. You are using too many ports. The Network Ports in the IPS are for management of the IPS only. You cannot use them for networking. Also, the ASA has a fifth port (Management 0/0) that is for management use only. The other problem I ran into is this interface is 100Mb. That leaves you with Gig 0/0 - 0/3 for network usage. In my case, I needed the replication traffic between the ASAs for the Standby router to be in sync with the Active router to use a Gigabit port.
I know this doesn't answer all of your questions, but I hope it helps.
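
The two-group HSRP arrangement described in the answer above, written out as IOS interface configuration. This is an added example, not configuration from either poster; the interface name, the 192.0.2.0/24 addresses, the priority values and the MD5 authentication lines are assumptions.

```cisco
! Constructed example. Addresses, interface name and key are placeholders.
!
! ---------- Router 1 ----------
interface GigabitEthernet0/1
 description Inside segment facing the ASA pair
 ip address 192.0.2.2 255.255.255.0
 ! Group 1: Router 1 is Active (higher priority wins the election)
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! Assumption: authenticate hellos so only the configured peers can join the group
 standby 1 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
 ! Group 2: Router 1 is Standby (lower priority than Router 2)
 standby 2 ip 192.0.2.254
 standby 2 priority 90
 standby 2 preempt
 standby 2 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
!
! ---------- Router 2 ----------
interface GigabitEthernet0/1
 description Inside segment facing the ASA pair
 ip address 192.0.2.3 255.255.255.0
 ! Group 1: Router 2 is Standby
 standby 1 ip 192.0.2.1
 standby 1 priority 90
 standby 1 preempt
 standby 1 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
 ! Group 2: Router 2 is Active
 standby 2 ip 192.0.2.254
 standby 2 priority 110
 standby 2 preempt
 standby 2 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
```

Both routers carry traffic only when the devices behind them are split between the two virtual addresses; a device with a single default route to 192.0.2.1 uses Router 1 alone until that router fails. `show standby brief` on each router shows which one is Active for each group.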