Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
4
Replies

Connecting an ASA to 2 internal Level 3 switches

Go to solution
David Tamburin
Level 1
Level 1

‎07-29-2010 01:43 PM - edited ‎03-11-2019 11:18 AM

We have an ASA and two internal switches.  The switches are set up with HSRP for redundancy.

I was wondering if/how it is possible to physically connect both of these switches to the one ASA which is connected to our internet connection.

This way if one of the switches fails we would still have internet.

Is this possible?  How would you do it?

Thank you,

Davidt

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
manish arora
Level 6
Level 6
In response to edadios

‎07-29-2010 04:39 PM

You can also look into 'redundant interface configuration' on the asa side , if you are not planning to buy a failover asa. another option could be having the single asa configured in to multiple context.

thanks

Manish

View solution in original post

0 Helpful

Go to solution
waltermavely
Level 1
Level 1

‎07-29-2010 11:52 PM

If u have free physical interface in your ASA you can configure Redundant interface

For example let say you have two interface

fa0/1 and fa0/2

interface FastEthernet0/1
no nameif
no security-level
no ip address

interface FastEthernet0/2
no nameif
no security-level
no ip address

interface Redundant1
member-interface FastEthernet0/1
member-interface FastEthernet0/2
nameif inside
security-level 100
ip address x.x.x.x x.x.x.x

By default, the active interface is the first interface listed in the configuration

If you shut down the active interface, then the standby interface becomes active . it is able to change forcefully also

FastEthernet0/1 you can connect to first switch and FastEthernet0/2 you can connect second switch

But advisable solution is that configuration the ASA failover pair this will solve hardware failure issue also

hope this is help full for you

Regard

View solution in original post

0 Helpful
4 Replies 4

Go to solution
edadios
Cisco Employee
Cisco Employee

‎07-29-2010 03:44 PM

You should setup for 2 X ASA in failover, One ASA connected to one switch, and the 2nd

to the other switch. With the 2 switches trunked.

Regards,

0 Helpful

Go to solution
manish arora
Level 6
Level 6
In response to edadios

‎07-29-2010 04:39 PM

You can also look into 'redundant interface configuration' on the asa side , if you are not planning to buy a failover asa. another option could be having the single asa configured in to multiple context.

thanks

Manish

0 Helpful

Go to solution
waltermavely
Level 1
Level 1

‎07-29-2010 11:52 PM

If u have free physical interface in your ASA you can configure Redundant interface

For example let say you have two interface

fa0/1 and fa0/2

interface FastEthernet0/1
no nameif
no security-level
no ip address

interface FastEthernet0/2
no nameif
no security-level
no ip address

interface Redundant1
member-interface FastEthernet0/1
member-interface FastEthernet0/2
nameif inside
security-level 100
ip address x.x.x.x x.x.x.x

By default, the active interface is the first interface listed in the configuration

If you shut down the active interface, then the standby interface becomes active . it is able to change forcefully also

FastEthernet0/1 you can connect to first switch and FastEthernet0/2 you can connect second switch

But advisable solution is that configuration the ASA failover pair this will solve hardware failure issue also

hope this is help full for you

Regard

0 Helpful

Go to solution
David Tamburin
Level 1
Level 1
In response to waltermavely

‎07-30-2010 07:07 AM

Thanks for all your answers.

I'd love to configure failover to a secondary ASA, if I could get one.

However at this time it doesn't look like that is going to happen so I was looking for the 2nd scenario.

Thanks,

Davidt

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card