Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
142
Views
0
Helpful
1
Replies

Looking for Recommendation for Redundant or Backup ISP configuration: ASA 5510

Christian Joseph
Level 1
Level 1

‎06-03-2014 08:14 AM - edited ‎03-11-2019 09:16 PM

 

Good Day,

 

Currently I have two ASA 5510's version 8.2(5) with the security plus license in my environment. These are configured to failover with the SAME ISP in the event of hardware failure. We are currently trying to introduce ISP backup configuration. I've already engaged ISP's for services, However, I was wonder what this configuration may entail additionally. Can anyone advise on a best practice/configuration  in this regard?

I am trying to achieve high availability for services provided by another company location. Looking forward to any assistance that can be provided.

 

Thanks much.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2014 08:31 AM

Cisco has a whitepaper on setting this up. It's a bit dated but mostly applicable.

With an HA pair of ASAs, we typically setup a switch (or stack for higher availability) between the HA pair and upstream routers. Other than that, the whitepaper is followed.

The only significant issue is whether you have any incoming services exposed via public IP and don't have you own provider-independent address block. In that case, you need to account for how those services will be reachable in the event that your are using the address of your secondary provider. This usually involves some DNS changes or other such work.

Some people offload the whole setup to an external device like a FatPipe Warp appliance.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card