Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA 5505 and IOS

I will be using an ASA on a customer site as a simple failover of an IOS based router mpls provider path. The ASA will have its own vpn tunnel path via a cable modem to the main HQ site for just one branch.

I wanted to automate the failover if the customer's branch router based wan circuit fails.

Does the ASA support HSRP/tracking or any other failover protocols between itself and another NON ASA device?

The docs do show support for failover and routing protocol options but no example with using an ASA and an IOS device as a single failover pair.

Any ideas are greatly appreciated.

2 REPLIES
New Member

Re: ASA 5505 and IOS

The ASA doesn't support HSRP, but it does support SLA monitoring for tracking using pings.

Here is an example document for configuring SLA monitoring for backup ISP configuration.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Cisco Employee

Re: ASA 5505 and IOS

Hello,

While ASA cannot participate in HSRP kind of scenario, you could do the

following:

Step 1:

Configure the ASA as the default gateway for all the traffic

Step 2:

Connect the ASA and the router using a separate link

Step 3:

On the ASA, configure the router as default gateway with tracking option.

Step 4:

Configure a secondary route to same destinations through the ASA's outside

interface with lower metric.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration

_example09186a00806e880b.shtml

This way, the ASA will send all traffic to the Router as long as the router

is active and if the router goes, down forward the same traffic via the VPN

tunnel. Alternatively, if you have another L3 device on the inside, you

could make that as the default gateway for your entire network and then do

route tracking on that.

Hope this helps.

Regards,

NT

304
Views
0
Helpful
2
Replies
CreatePlease to create content