I am redesigning our border and we have two 2921 routers that are at the edge because we are terminating BGP there. The routers have HSRP configured on the ISP side and each router has one connection to one of the ASA5550s. The ASAs are running in an active/standby configuration.
I've included a picture. My question is: if 2921-1 loses its internet connection, 2921-2 takes over due to HSRP. At this point, how does ASA5550-1 know to swap to the standby node? Wouldn't it think that its connection to 2921-1 is still good? My 2921s only have 3 ports. I'm using 1 for ISP, 1 for the ASA connection and 1 for Management.
The solution for your network is to connect the 2921 routers and the ASAs to a shared L2 VLAN using a switch. You may use stackable switches for increased redundancy. In this way the HSRP VIP can be reached by any of the firewalls, and in case of a router being down it can be handled automatically.
For an improved design you may need to add a link between the routers and run iBGP between them, so in case of only a link being down you will not blackhole outbound traffic.
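
The design described in the answer above, written out as IOS and ASA configuration; this is an added example, not configuration from either poster. All addresses, AS numbers, interface names, the HSRP group number and the key placeholders are assumptions, and the iBGP session is assumed to run across the shared VLAN.

```cisco
! ---- 2921-1: preferred HSRP active router (constructed values) ----
interface GigabitEthernet0/1
 description Shared inside VLAN on the switch stack, facing both ASAs
 ip address 192.0.2.2 255.255.255.0
 standby version 2
 standby 10 ip 192.0.2.1
 standby 10 priority 110
 standby 10 preempt
 ! Authenticate HSRP so another host on the VLAN cannot claim the VIP
 standby 10 authentication md5 key-string <HSRP-KEY>
!
router bgp 64512
 neighbor 198.51.100.1 remote-as 64496
 ! iBGP to 2921-2: if only the ISP link fails, this router stays HSRP
 ! active and forwards outbound traffic to 2921-2 instead of dropping it
 neighbor 192.0.2.3 remote-as 64512
 neighbor 192.0.2.3 next-hop-self
 neighbor 192.0.2.3 password <IBGP-KEY>
!
! ---- 2921-2: HSRP standby router (constructed values) ----
interface GigabitEthernet0/1
 description Shared inside VLAN on the switch stack, facing both ASAs
 ip address 192.0.2.3 255.255.255.0
 standby version 2
 standby 10 ip 192.0.2.1
 standby 10 priority 100
 standby 10 preempt
 standby 10 authentication md5 key-string <HSRP-KEY>
!
router bgp 64512
 neighbor 198.51.100.5 remote-as 64496
 neighbor 192.0.2.2 remote-as 64512
 neighbor 192.0.2.2 next-hop-self
 neighbor 192.0.2.2 password <IBGP-KEY>
!
! ---- ASA active/standby pair: outside interface in the same VLAN ----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.10 255.255.255.0 standby 192.0.2.11
!
! Default route points at the HSRP VIP, so whichever ASA is active
! reaches whichever router currently owns the VIP
route outside 0.0.0.0 0.0.0.0 192.0.2.1
```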