ASA 5505 and IOS

Unanswered Question
Jul 29th, 2010

I will be using an ASA on a customer site as a simple failover of an IOS-based router MPLS provider path. The ASA will have its own VPN tunnel path via a cable modem to the main HQ site for just one branch.

I wanted to automate the failover if the customer's branch router-based WAN circuit fails.

Does the ASA support HSRP/tracking or any other failover protocols between itself and another non-ASA device?

The docs do show support for failover and routing protocol options but no example using an ASA and an IOS device as a single failover pair.

Any ideas are greatly appreciated.

Nagaraja Thanthry Thu, 07/29/2010 - 14:56


While ASA cannot participate in HSRP kind of scenario, you could do the


Step 1: Configure the ASA as the default gateway for all the traffic

Step 2: Connect the ASA and the router using a separate link

Step 3: On the ASA, configure the router as default gateway with tracking option.

Step 4: Configure a secondary route to same destinations through the ASA's outside interface with lower metric.


This way, the ASA will send all traffic to the router as long as the router is active and, if the router goes down, forward the same traffic via the VPN tunnel. Alternatively, if you have another L3 device on the inside, you could make that the default gateway for your entire network and then do route tracking on that.

Hope this helps.
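
Steps 3 and 4 of the reply above, sketched as ASA static route tracking. This is an added example, not part of the original reply: the interface names (`transit`, `outside`), all addresses and the SLA/track numbers are constructed assumptions. The backup route is given a higher administrative distance (254) so the ASA installs it only after the tracked route is withdrawn.

```cisco
! Constructed example; interface names, addresses and IDs are assumptions.
!   transit = separate link to the IOS router (router at 192.168.254.2)
!   outside = cable modem side carrying the VPN tunnel (gateway 203.0.113.1)

! Probe the router across the transit link with ICMP echo.
! timeout is in milliseconds, frequency in seconds.
sla monitor 10
 type echo protocol ipIcmpEcho 192.168.254.2 interface transit
 num-packets 3
 timeout 1000
 frequency 5
sla monitor schedule 10 life forever start-time now

! Track object 1 follows the reachability result of SLA operation 10.
track 1 rtr 10 reachability

! Step 3: primary default route via the router; it is removed from the
! routing table while track 1 is down and restored when it comes back up.
route transit 0.0.0.0 0.0.0.0 192.168.254.2 1 track 1

! Step 4: backup default route via the outside interface. It stays
! inactive while the distance-1 route above is present.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 254

! Checks after applying:
!   show track
!   show sla monitor operational-state
!   show route
```

Monitoring the router's own address only detects loss of the router or the transit link; detecting a failed WAN circuit behind a router that still answers needs a monitor target on the far side of that circuit.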



