Cisco Support Community

New Member

redundant Links with asa firewall

Hi,

I am planning to implement a collapsed core architecture with two core switches connected to two ASA firewalls. Can somebody guide me on the high availability options that I have? Can I have two links connecting to a single ASA firewall originating from both the core switches?

2 REPLIES
Hall of Fame Super Blue

Re: redundant Links with asa firewall

Naresh

"Can I have two links connecting to a single ASA firewall originating from both the core switches?"

This is not typically what you would do. 2 interfaces on the same ASA cannot be in the same IP subnet and so the interfaces would need to be in different subnets.

If you want to use active/standby as shown in your diagram then you would be better off removing the cross connects between the core switches and the ASA firewalls so core1 connects to ASA1 and core2 connects to ASA2 on the inside interfaces of the ASAs. You still need to have a separate pair of interfaces for stateful failover.

Then, assuming ASA1 is active:

1) if core1 dies ASA2 becomes active

2) if the link from core1 to ASA1 goes down ASA2 becomes active

This assumes that the link between your 2 core switches is an L2 trunk. If it is an L3 routed link then the above would not apply.

Jon
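A sketch of the ASA1 (primary unit) configuration for the active/standby layout described in the reply above, added here as an example and not part of the original thread. The interface numbers, the link names FOLINK and STATELINK, the choice of a dedicated failover link plus a separate state link, and the documentation-range addresses are all assumptions.

```cisco
! ASA1 (primary). Constructed example: interfaces, names and addresses are assumptions.
! Inside interface: cabled to core1 only (no cross connect to core2).
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
 no shutdown
!
! Interfaces dedicated to failover carry no nameif or data IP of their own.
interface GigabitEthernet0/2
 description Failover control link to ASA2
 no shutdown
!
interface GigabitEthernet0/3
 description Stateful failover link to ASA2
 no shutdown
!
! Unit role and the two failover links.
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover link STATELINK GigabitEthernet0/3
failover interface ip FOLINK 198.51.100.1 255.255.255.252 standby 198.51.100.2
failover interface ip STATELINK 198.51.100.5 255.255.255.252 standby 198.51.100.6
!
! Monitor the inside interface so that losing core1, or the link to core1,
! marks the interface failed on ASA1 and ASA2 takes over as active.
monitor-interface inside
!
! Enable failover last, once the links are defined.
failover
!
! ASA2 uses the same "failover lan interface", "failover link" and
! "failover interface ip" lines, with "failover lan unit secondary".
! The rest of its configuration is replicated from the active unit.
```

The active and standby inside addresses share one subnet, so the hello packets between them depend on the L2 trunk between the core switches that the reply assumes. `show failover` on either unit shows which one is active and the monitored state of each interface.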

New Member

Re: redundant Links with asa firewall

VSS is probably an option if core devices are 65xx.
