Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Looking for Recommendation for Redundant or Backup ISP configuration: ASA 5510

 

Good Day,

 

Currently I have two ASA 5510's version 8.2(5) with the security plus license in my environment. These are configured to failover with the SAME ISP in the event of hardware failure. We are currently trying to introduce ISP backup configuration. I've already engaged ISP's for services, However, I was wonder what this configuration may entail additionally. Can anyone advise on a best practice/configuration  in this regard?

I am trying to achieve high availability for services provided by another company location. Looking forward to any assistance that can be provided.

 

Thanks much.

1 REPLY
Hall of Fame Super Silver

Cisco has a whitepaper on

Cisco has a whitepaper on setting this up. It's a bit dated but mostly applicable.

With an HA pair of ASAs, we typically setup a switch (or stack for higher availability) between the HA pair and upstream routers. Other than that, the whitepaper is followed.

The only significant issue is whether you have any incoming services exposed via public IP and don't have you own provider-independent address block. In that case, you need to account for how those services will be reachable in the event that your are using the address of your secondary provider. This usually involves some DNS changes or other such work.

Some people offload the whole setup to an external device like a FatPipe Warp appliance.

41
Views
0
Helpful
1
Replies
CreatePlease to create content