Cisco Support Community

ASA Redundant Interface malfunctioning?

Hi all,

We recently tried to implement an architecture with ASA Redundant Interface, but we experienced some issues and had to roll back. This is the scenario:

- 2 Active/Standby ASA 5580 (rel 8.2.1) firewalls

- 2 routers connected on the frontend of ASAs

- each ASA is connected through a double physical link to the 2 routers: one link to each router and the 2 links belonging to the same Redundant Interface

- the 2 routers are frontend next hop for ASA and they also give L2 for ASA thanks to a channel interconnecting them

RTR1 == == RTR2
  |  \      /  |
  |    \  /    |
 a|    /  \    |a
  |  b/    \b  |
ASA1        ASA2

The normal condition is: having HSRP Active on RTR1, ASA2 Primary Active and link 'a' on ASA2 Active.

Now, both the links on Primary Active ASA were 'up' but ping from ASA2 to HSRP didn't work at all. As soon as link 'a' was forced down, link 'b' went active and ping between ASA2 and RTR1 began working.

Do you have any idea why the connectivity between ASA2 and RTR1 (HSRP active) through active link 'a' and trunk RTR1-RTR2 didn't work?

Thanks a lot for any help/idea.