Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

2 sites with ASAs, same public subnet, can they share a virtual IP?

We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby).     The new site will be primary, and the previous site will be failover.  We want to have one IP for users to VPN into, regardless of which site is 'up'.  Can ASAs do this?  I've enclosed a pic (public IPs replaced) to clarify.  Any comments or info is greatly appreciated.

Colo-ND.png

2 REPLIES
Hall of Fame Super Blue

Re: 2 sites with ASAs, same public subnet, can they share a virt

Jbiederstedt wrote:

We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby).     The new site will be primary, and the previous site will be failover.  We want to have one IP for users to VPN into, regardless of which site is 'up'.  Can ASAs do this?  I've enclosed a pic (public IPs replaced) to clarify.  Any comments or info is greatly appreciated.

John

As far as i know this cannot be done because you can only have 2 firewalls in a failover pair. You cannot use 3 firewalls in the same failover group.

You could run active/standby between the 2 sites as long as you have a L2 link between the sites which it looks like you do but then you would only have one ASA in each location.

Jon

Re: 2 sites with ASAs, same public subnet, can they share a virt

198
Views
0
Helpful
2
Replies
CreatePlease to create content