Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Connecting an ASA to 2 internal Level 3 switches

We have an ASA and two internal switches.  The switches are set up with HSRP for redundancy.

I was wondering if/how it is possible to physically connect both of these switches to the one ASA which is connected to our internet connection.

This way if one of the switches fails we would still have internet.

Is this possible?  How would you do it?

Thank you,

Davidt

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Connecting an ASA to 2 internal Level 3 switches

You can also look into 'redundant interface configuration' on the asa side , if you are not planning to buy a failover asa. another option could be having the single asa configured in to multiple context.

thanks

Manish

New Member

Re: Connecting an ASA to 2 internal Level 3 switches

If u have free physical interface in your ASA you can configure Redundant interface

For example let say you have two interface

fa0/1 and fa0/2

interface FastEthernet0/1
no nameif
no security-level
no ip address

interface FastEthernet0/2
no nameif
no security-level
no ip address

interface Redundant1
member-interface FastEthernet0/1
member-interface FastEthernet0/2
nameif inside
security-level 100
ip address x.x.x.x x.x.x.x

By default, the active interface is the first interface listed in the configuration

If you shut down the active interface, then the standby interface becomes active . it is able to change forcefully also

FastEthernet0/1 you can connect to first switch and FastEthernet0/2 you can connect second switch

But advisable solution is that configuration the ASA failover pair this will solve hardware failure issue also

hope this is help full for you

Regard

4 REPLIES
Cisco Employee

Re: Connecting an ASA to 2 internal Level 3 switches

You should setup for 2 X ASA in failover, One ASA connected to one switch, and the 2nd

to the other switch. With the 2 switches trunked.

Regards,

Re: Connecting an ASA to 2 internal Level 3 switches

You can also look into 'redundant interface configuration' on the asa side , if you are not planning to buy a failover asa. another option could be having the single asa configured in to multiple context.

thanks

Manish

New Member

Re: Connecting an ASA to 2 internal Level 3 switches

If u have free physical interface in your ASA you can configure Redundant interface

For example let say you have two interface

fa0/1 and fa0/2

interface FastEthernet0/1
no nameif
no security-level
no ip address

interface FastEthernet0/2
no nameif
no security-level
no ip address

interface Redundant1
member-interface FastEthernet0/1
member-interface FastEthernet0/2
nameif inside
security-level 100
ip address x.x.x.x x.x.x.x

By default, the active interface is the first interface listed in the configuration

If you shut down the active interface, then the standby interface becomes active . it is able to change forcefully also

FastEthernet0/1 you can connect to first switch and FastEthernet0/2 you can connect second switch

But advisable solution is that configuration the ASA failover pair this will solve hardware failure issue also

hope this is help full for you

Regard

New Member

Re: Connecting an ASA to 2 internal Level 3 switches

Thanks for all your answers.

I'd love to configure failover to a secondary ASA, if I could get one.

However at this time it doesn't look like that is going to happen so I was looking for the 2nd scenario.

Thanks,

Davidt

216
Views
0
Helpful
4
Replies
CreatePlease to create content