Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
0
Helpful
1
Replies

Cisco ASA Active/Standby L2 connectivity via routers

raza555
Level 3
Level 3

‎12-19-2013 02:05 AM - edited ‎03-11-2019 08:20 PM

Hi,

As per attached diagram ASA outside interfaces doesn’t have the L2 connectivity between ASAs and cable between the ASA outside routers has completely different network, thats the reason we cannot successfully PING the standby device outside interface but able to PING the standby device inside interface.

To resolve this issue , instead of introducing new hardwares of ROUTER with SWITCH MODULE or L2 switch between outside interfaces, please advise that can the below solution will be helpful;

IRB Bridging and using this on routers interfaces connecting to each other and as well as routers interfaces connecting to the firewall, as well as a BVI, to create both a logical Layer 2 path between firewalls and routers (Bridge Group) as well as an escape path from 192.168.1.0/28 towards other Layer 3 Domains (BVI Interface)

However,I have few queries from Breakfix perspective as below

       1) Does the IRB/BVI combo forward whatever Layer 2 Packets the ASAs use to speak to each other

             a. i.e. just because the IRB forwards HSRP, doesn’t mean it forwards <ASA Failover Protocol>

        2)       If it works, do we need/bother with the 10.10.20.1/30 Routed Link, or leave it configured without an IP address and just a member of the IRB (i.e. it just becomes a “Layer 2 forwarding” interface?

        3)       Is there a better way of doing this/is using a “Bridged HSRP Address”   

Labels:
Preview file
183 KB
0 Helpful
1 Reply 1
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card