We are adding a new 6509 switch B to use for redundancy of current 6509 switch A using HSRP. Currently, we have 2 ASA firewall units configured as active/standby failover in single mode. Both ASA units connect to switch A at this time. We are planning to relocate the connection of the ASA standby unit to the new 6509 switch B. What would be the best way to configure the ASA units for redundancy if switch A fails and traffic goes through switch B? Will the ASA standby unit automatically start passing traffic? Please advise.
If the ASA pair is configured in an active/standby configuration, then you can have ASA 1 (active) connect to the active interface of the HSRP switch and then the standby ASA interface to the standby HSRP interface (no priority load balancing on HSRP). In the event of the switch A (active HSRP) failure, the ASA will fail over, as one of the interfaces of the active firewall will fail and the secondary will take over.
Another scenario could be to have redundant interfaces on the ASA and have them connect to different switches (redundant interfaces are generally used for interface failure redundancy). I do not know for sure how redundant interfaces will work with HSRP interfaces (never configured that in that scenario), but nevertheless I have seen people using it with plain L2 switches in between their firewalls and distribution/core switches.
Thanks for the feedback. So the first option you provided does not need additional configurations on the ASA? Once switch A fails, ASA standby will become active and as a result would carry the traffic load?
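
Added example, not part of the thread and not taken from any poster's devices: an ASA configuration sketch for the two options described in the answer above (failover triggered by a monitored interface going down, and a redundant interface with one member on each switch). Interface names, port numbers and addresses are constructed assumptions.

```cisco
! --- Option 1: active/standby failover driven by interface monitoring ---
! Constructed example. "outside" and "inside" are assumed nameif values.
! Physical interfaces are monitored by default; these lines make it explicit.
monitor-interface outside
monitor-interface inside
! Fail over as soon as one monitored interface is down (the default threshold).
failover interface-policy 1
! Optional: poll interfaces every 3 s and declare failure after 15 s
! (holdtime must be at least five times the poll time).
failover polltime interface 3 holdtime 15
!
! --- Option 2: redundant interface, one member cabled to each switch ---
! GigabitEthernet0/1 -> switch A, GigabitEthernet0/2 -> switch B (assumed cabling).
! Member interfaces carry no nameif or IP address of their own.
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/2
 no shutdown
interface Redundant1
 member-interface GigabitEthernet0/1
 member-interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ! 192.0.2.0/24 is a documentation range used here as a placeholder.
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
! --- Checks to run on both units after recabling ---
! show failover            (unit roles, monitored interface state, last failover reason)
! show monitor-interface   (per-interface health as seen by this unit and its mate)
! show interface Redundant1 (which member is currently active)
```

With option 1, check where the failover link itself is cabled: if it passes only through switch A, losing that switch also cuts the units off from each other, so a direct cable or a path that does not depend on a single switch is the safer layout.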