Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA failover design and configuration help needed !!!

Hi Any one if they could help me here on the mentioned design below it would be of gr8 help.The wan connectivity is Active,Passive !!

the things I would like to know is.

***I want to configure the ASA and the router for high availablility. DO i need to bring in the switch between the ASA's and the router 2851.If so how do i do that ? Do i need to put 2851's and the ASA's in the same vlan? or lil confused on that .....

*** Also I need some help on the asa configuration Part .

6 REPLIES
New Member

Re: ASA failover design and configuration help needed !!!

Hi Balaji,

I suggest two L3 switches in between the ASA and the 2851 router. Run a HSRP between the two switches for Redundacy (Full Pledged redundancy on the WAN edge). Run a dynamic routing protocol (EIGRP or OSPF if OSPF supported by the IOS: choice is urs) inbetween the routers, switches and ASA. Please have a look at the diagram i have attached. U could be more clear.

Regards

AP

New Member

Re: ASA failover design and configuration help needed !!!

Hi Ap ,

I dont have a L3 switch to place it inbetween the 2851 and ASA ......

Can I use the L2 instead ?

in that case Will i be able to run HSRP ?

New Member

Re: ASA failover design and configuration help needed !!!

Yes,

L2 switch can be used instead of L3 switches. Interlink the L2 swithces with trunk, so that the routers understand for building HSRP.

Regards

AP

New Member

Re: ASA failover design and configuration help needed !!!

Hey AP thanks a lot for your respone on this !!!

Well if i have to configure the HSRP that would be on the router interface if I am not wrong ....then how would the asa failover work ??

id :balaji.rajesh@gmail.com

New Member

Re: ASA failover design and configuration help needed !!!

Hi Balaji,

Yes HSRP on the Routers interfaces connected to L2 swithces. ASA's also should be interconnected using a cross cable as per the diagram attached (Tip: u can use the management interfaces of the ASA to create failover interface).

Regards

AP

New Member

Re: ASA failover design and configuration help needed !!!

Hi In this design I have the 2851 router connecting to the wan has etheret interface can I track this ?? in HSRP i guess we can do the tracking only for serial

any solution for the ethernet ???

287
Views
3
Helpful
6
Replies
CreatePlease to create content