07-29-2010 01:43 PM - edited 03-11-2019 11:18 AM
We have an ASA and two internal switches. The switches are set up with HSRP for redundancy.
I was wondering if/how it is possible to physically connect both of these switches to the one ASA which is connected to our internet connection.
This way if one of the switches fails we would still have internet.
Is this possible? How would you do it?
Thank you,
Davidt
Solved! Go to Solution.
07-29-2010 04:39 PM
You can also look into 'redundant interface configuration' on the asa side , if you are not planning to buy a failover asa. another option could be having the single asa configured in to multiple context.
thanks
Manish
07-29-2010 11:52 PM
If u have free physical interface in your ASA you can configure Redundant interface
For example let say you have two interface
fa0/1 and fa0/2
interface FastEthernet0/1
no nameif
no security-level
no ip address
interface FastEthernet0/2
no nameif
no security-level
no ip address
interface Redundant1
member-interface FastEthernet0/1
member-interface FastEthernet0/2
nameif inside
security-level 100
ip address x.x.x.x x.x.x.x
By default, the active interface is the first interface listed in the configuration
If you shut down the active interface, then the standby interface becomes active . it is able to change forcefully also
FastEthernet0/1 you can connect to first switch and FastEthernet0/2 you can connect second switch
But advisable solution is that configuration the ASA failover pair this will solve hardware failure issue also
hope this is help full for you
Regard
07-29-2010 03:44 PM
You should setup for 2 X ASA in failover, One ASA connected to one switch, and the 2nd
to the other switch. With the 2 switches trunked.
Regards,
07-29-2010 04:39 PM
You can also look into 'redundant interface configuration' on the asa side , if you are not planning to buy a failover asa. another option could be having the single asa configured in to multiple context.
thanks
Manish
07-29-2010 11:52 PM
If u have free physical interface in your ASA you can configure Redundant interface
For example let say you have two interface
fa0/1 and fa0/2
interface FastEthernet0/1
no nameif
no security-level
no ip address
interface FastEthernet0/2
no nameif
no security-level
no ip address
interface Redundant1
member-interface FastEthernet0/1
member-interface FastEthernet0/2
nameif inside
security-level 100
ip address x.x.x.x x.x.x.x
By default, the active interface is the first interface listed in the configuration
If you shut down the active interface, then the standby interface becomes active . it is able to change forcefully also
FastEthernet0/1 you can connect to first switch and FastEthernet0/2 you can connect second switch
But advisable solution is that configuration the ASA failover pair this will solve hardware failure issue also
hope this is help full for you
Regard
07-30-2010 07:07 AM
Thanks for all your answers.
I'd love to configure failover to a secondary ASA, if I could get one.
However at this time it doesn't look like that is going to happen so I was looking for the 2nd scenario.
Thanks,
Davidt
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide