Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

redundant internet with firewall asa 5515-x

redundancy internet with firewall ASA 5515-X.jpg

Hi any one,

I have the diagram:

LAN -- Core Switch 3750X -- Firewall ASA 5515X  --- MPLS --- Firewall ASA 5515X --- LAN

I configure Site to site VPN through MPLS line.

Now, I have one question:

How can I configure the firewall that comply with the above diagram means if the active link dies, firewall forward the packet to the standby link ?

Please answer me.

Thanks,

Vo

Version history
Revision #:
1 of 1
Last update:
‎11-29-2012 11:31 PM
Updated by:
 
Labels (1)
Comments
Cisco Employee

Hello Vo,

When failover will happen, IP and Mac-address will be swapped between Primary and Secondary unit. So tunnel between P-P ASA should move to P-S ASA.

Thank you.

New Member

Thanks for your answer.

I will configure Firewall with mode Active - Passive to Site to site VPN between 2 Site.

Howerver, with mode Active - Passive, if the active link dies, all packet will run on the standby link or all packet will be dropped?

Vo Vo

Cisco Employee

Hello Vo,

Packets will be dropped, since we need to establish new ipsec tunnel.

Thank you.

New Member

Ok, another question: if the active link dies, firewall will route the packet to the stanby link automatic or we must configure manual.

Thanks for your supports.

Cisco Employee

Hello,

Firewall will route the packets to standby automatically cause it will be owner of address which is specified in the peer, no manual intervention is required.

Please rate helpfull posts

New Member

Thank you very much.