cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
727
Views
3
Helpful
6
Replies

ASA failover design and configuration help needed !!!

balaji090
Level 1
Level 1

Hi Any one if they could help me here on the mentioned design below it would be of gr8 help.The wan connectivity is Active,Passive !!

the things I would like to know is.

***I want to configure the ASA and the router for high availablility. DO i need to bring in the switch between the ASA's and the router 2851.If so how do i do that ? Do i need to put 2851's and the ASA's in the same vlan? or lil confused on that .....

*** Also I need some help on the asa configuration Part .

6 Replies 6

apdatasoft
Level 1
Level 1

Hi Balaji,

I suggest two L3 switches in between the ASA and the 2851 router. Run a HSRP between the two switches for Redundacy (Full Pledged redundancy on the WAN edge). Run a dynamic routing protocol (EIGRP or OSPF if OSPF supported by the IOS: choice is urs) inbetween the routers, switches and ASA. Please have a look at the diagram i have attached. U could be more clear.

Regards

AP

Hi Ap ,

I dont have a L3 switch to place it inbetween the 2851 and ASA ......

Can I use the L2 instead ?

in that case Will i be able to run HSRP ?

Yes,

L2 switch can be used instead of L3 switches. Interlink the L2 swithces with trunk, so that the routers understand for building HSRP.

Regards

AP

Hey AP thanks a lot for your respone on this !!!

Well if i have to configure the HSRP that would be on the router interface if I am not wrong ....then how would the asa failover work ??

id :balaji.rajesh@gmail.com

Hi Balaji,

Yes HSRP on the Routers interfaces connected to L2 swithces. ASA's also should be interconnected using a cross cable as per the diagram attached (Tip: u can use the management interfaces of the ASA to create failover interface).

Regards

AP

Hi In this design I have the 2851 router connecting to the wan has etheret interface can I track this ?? in HSRP i guess we can do the tracking only for serial

any solution for the ethernet ???

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: