Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

two firewalls and two different ISP failover setup

I would like to configure two firewalls on two different ISP as a failover setup.

I normally set the firewalls as primary and standby.

The goal would be to detect the outage and failover to the secondary but I do not want the configurations sync because of different network IP settings from the different firewalls.

Active Active would be fine but I only want to use one block of routable IP addresses which is through the primary. BGP is not an option or configuration of the internet routers.

Can someone please provide me some failover options that I can use in this setup?

Is a partial primary / standby configuratiuon an option?

In a shutshell I only want the inside interface to sync

Thanks,

Juan

3 REPLIES
Cisco Employee

Re: two firewalls and two different ISP failover setup

Hi Juan,

Try to use the OSPF internally between your two ASAs and redistribute the default route with different metrics.

Best Regards,

New Member

Re: two firewalls and two different ISP failover setup

Hi Renato,

I think I will connect ISP A Firewall to ISP B firewall over a dedicated Ethernet interface and use SLA to monitor the WAN IP of ISP A and send the default route to ISP B if the ISP A WAN is not reachable.

For the servers I will configure multiple gateways and workstations use DHCP to deploy multiple gateways.

The primary Gateway will be ISP A and secondary will be ISP B.

The high-level design is dual ISP, dual Firewalls, and dual internal switches.

The switches do not support OSPF, only basic routing, and no gateway redundancy such as HSRP or VRRP.

My main concern is the gateway redundancy for the access devices internally.

Any thoughts?

Thanks,

Juan

Cisco Employee

Re: two firewalls and two different ISP failover setup

Hi Juan,

As your switches don't have L3 support, it is mandatory the usage of a L3 equipment between your ASAs and your L2 switches.

Br,

313
Views
0
Helpful
3
Replies
CreatePlease to create content