Cisco Support Community

ASA5520 and Cisco 2821 HSRP peers

I have a need for out-of-the-box setup.

I need my ASA5520 and Cisco 2821 router to peer via HSRP.

The ASA5520 should always be ACTIVE and processing ALL traffic unless the ASA5520 is down (determined via IP SLA, BOOLEAN logic) and then the router becomes the active peer.

Anytime the HSRP peer router is active, the router should forward traffic to the backup site.

The backup site will have the same setup as primary so both sites can be active/active full time.

Asymmetric routing will not be an issue in this specific case, but thanks for thinking about this issue too.

FYI, I have pasted this in the Routing and Switching forum too.

Comments please!!!

Thanks

Frank

Accepted Solutions
Cisco Employee

Re: ASA5520 and Cisco 2821 HSRP peers

Hello,

The firewall cannot participate in HSRP. In order to achieve what you are looking for, the best approach in my opinion is to configure the router as default gateway for your network. On the router you can configure a floating default route pointing to the ASA and have another default route that points to the remote site. You can track connectivity to ASA's default gateway through IP SLA. So, if the ASA goes down the object tracking will force the router to remove the floating static route and send all traffic to remote destination.

Hope this helps.

Regards,

NT
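
The design described in the accepted answer, written out as a router configuration. This is an added example, not part of the original thread and not the poster's or Cisco's own configuration. All addresses are constructed placeholders, and the syntax assumes an IOS release that uses the `ip sla` and `track ... ip sla` keywords (older 12.4 releases use different keywords). The two-probe boolean list follows the original question's mention of boolean logic.

```cisco
! Added example; every address below is a constructed placeholder.
!   10.1.1.2      ASA inside interface (assumed)
!   198.51.100.1  ASA's upstream default gateway (assumed)
!   10.2.2.2      next hop toward the backup site (assumed)
!
! Pin the probe target to the ASA path. Without this host route the
! probe would follow the backup default route after a failover and
! could report the ASA path as healthy while the ASA is still down.
ip route 198.51.100.1 255.255.255.255 10.1.1.2
!
! Probe 1: the ASA inside interface itself.
ip sla 1
 icmp-echo 10.1.1.2
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Probe 2: the ASA's upstream gateway, reached through the ASA.
! The ASA policy must permit this ICMP echo and its reply.
ip sla 2
 icmp-echo 198.51.100.1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Boolean AND: the ASA path counts as up only if both probes succeed.
! The delay timers damp flapping when a probe is lost intermittently.
track 10 list boolean and
 object 1
 object 2
 delay down 10 up 30
!
! Default route via the ASA, installed only while track 10 is up.
ip route 0.0.0.0 0.0.0.0 10.1.1.2 track 10
!
! Default route toward the backup site with a higher administrative
! distance; it is used only when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.2.2.2 250
```

`show track`, `show ip sla statistics` and `show ip route 0.0.0.0` confirm the probe state and which default route is currently installed.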
