Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is virtual IP possible ? in ASA

not the loopback if your thinking of that !!

can we configure 2 asa's to listen to same logical IP address ie.. from the below diagram router would route to the ASA on 1 logical Ip

two interface of asa would have the physical Ip !

Looks like Harp and Vrrp not supported in asa If i am not wrong any suggestions ?

ASA -----ASA

| |

---------------Switch

| |

Router router

2 REPLIES
Cisco Employee

Re: Is virtual IP possible ? in ASA

You are right. Features like HSRP, VRRP, GLBP are not supported on the ASA. If you have 2 ASAs in failover they share the same ip address, but only the active is taking passing the traffic. The do no pass traffic at the same time.

Now if you go in a more complicated scenario with an active/active context you can have 2 units passing traffic at the same time. But still these are different virtual firewalls that have different policies.

To summarize, HA pairs as know from IOS is not supported on ASAs in the same way.

I hope it helps.

PK

Re: Is virtual IP possible ? in ASA

In addition to PK comments, using your same network diagram if you have your two routers either behind or in front of ASA speaking HSRP you can have your ASA use that virtual IP.. say your internet edge routers Active/standby its HSRP IP can be your ASA default route.

Regards

2662
Views
0
Helpful
2
Replies
CreatePlease login to create content