New Member

Failover Scenario (Multihoming and ASA HA pair)

I am stuck in a failover scenario.

I have an ASA HA pair, and there are two upstream PE routers and two downstream PE routers. The PE routers are running HSRP, and the problem is that the ASA HA pair runs a different IP address on the primary and on the secondary ASA, not a virtual address like Juniper. We need a solution that runs some kind of mechanism to track the state of the HA pair and the state of the upstream and downstream PE routers as well. I wonder whether someone can assist me with this, as the ASA HA pair doesn't support VRRP-type stuff to ease the scenario.

(PE)         (PE)
 |             |
 |             |
ASA1---HA----ASA2
 |             |
 |             |
(PE)         (PE)

I understand that the PEs can run HSRP to run the state, but how do we control the HA state, as we can't run VRRP to control it and sync it with the HSRP state of the PE routers?

5 REPLIES

Failover Scenario (Multihoming and ASA HA pair)

Hello Khalid,

I understand that PE can run HSRP to run the state but how we control the HA state as we can't run VRRP to control and sync it with HSRP state of PE routers.

What do you mean how they control the HA state?

I mean they can track the state of an interface, routes from the routing table, etc.

Let me know if I understood correctly

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Failover Scenario (Multihoming and ASA HA pair)

How does HSRP come to know which firewall is active and where it needs to send the traffic, as both ASAs have different IP addresses on the outside interfaces? Keep in mind there isn't any routing protocol running. Can you generally tell me how you would control this situation if you had to drive a solution for this?

According to the diagram?

Failover Scenario (Multihoming and ASA HA pair)

Hello Khalid,

Hmm, here is what the network should look like:

HSRP1             HSRP2
  |                 |
  |______Switch_____|
           |
           |
     ASA1__|__ASA2

So as you can see, failover keepalive/hello packets will be exchanged between the devices via the L2 switch for both the ASA and the HSRP cloud, so if one device fails the other peer on the cluster will be back.

So there is no need to switch the HSRP cloud peer whether the primary or secondary ASA fails?

Do you follow me?

Regards,

Jcarvaja

New Member

Failover Scenario (Multihoming and ASA HA pair)

Can you please give me a coding example to understand how the bits tie together so that I can test it in my lab? Thanks.

Failover Scenario (Multihoming and ASA HA pair)

Hello Khalid,

The configuration would be the same.

What you need to understand at this point is the L2 network and how it will work.

Regards,

Jcarvaja

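A lab sketch of the switched design drawn in the reply above, added here as an example and not posted by anyone in the thread. In ASA Active/Standby failover the address written before the `standby` keyword is owned by whichever unit is currently active, so the PE routers keep one static next hop and the ASA points at the HSRP virtual IP. Interface names, all addresses, the HSRP group number and the key placeholder are constructed assumptions.

```cisco
! ===== ASA primary unit (constructed lab values) =====
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ! 192.0.2.10 follows the active unit; 192.0.2.11 is used by the standby unit
 ip address 192.0.2.10 255.255.255.0 standby 192.0.2.11
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 198.51.100.10 255.255.255.0 standby 198.51.100.11
 no shutdown
!
interface GigabitEthernet0/3
 description Dedicated failover and state link to the peer ASA
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover link FOLINK GigabitEthernet0/3
failover interface ip FOLINK 203.0.113.1 255.255.255.252 standby 203.0.113.2
! Shared key so failover traffic between the units is authenticated and encrypted
failover key <shared-secret-placeholder>
! Interface health is part of the failover decision, not only unit health
monitor-interface outside
monitor-interface inside
failover
!
! Next hop is the HSRP virtual IP, so a PE failure needs no change on the ASA
route outside 0.0.0.0 0.0.0.0 192.0.2.1

! ===== ASA secondary unit: only the failover bootstrap is typed in =====
! failover lan unit secondary
! failover lan interface FOLINK GigabitEthernet0/3
! failover interface ip FOLINK 203.0.113.1 255.255.255.252 standby 203.0.113.2
! failover key <shared-secret-placeholder>
! failover

! ===== Upstream PE 1 (IOS); PE 2 uses 192.0.2.3 and a lower priority =====
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
!
! Static route to the network behind the firewall via the ASA active address
ip route 198.51.100.0 255.255.255.0 192.0.2.10
```

After a forced switchover with `no failover active` on the active unit, `show failover` on either ASA shows which unit now holds the active addresses.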