Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
3
Replies

ASA routing failover

fortis123
Level 1
Level 1

‎01-30-2008 12:11 PM

All,

ASA5510 with gig0/0 to Internet . Gig0/1 -> Inside network. In the LAN I have qty#2 3560 with enhanced image and servers with Dual NIC for redundancy.

I want to VLAN the n/w and use OSPF as routing protocol. Iam planning to create a Etherchannel between the 2 switches and run OSPF also.

Planning to have HSRP failover for Servers from Switch1 to switch2.

Now from Switch1 , port1 connects to ASA gig 0/1, but incase if Sw1 fails, with HSRP functioning, SW2 will takeover

the traffic, how the servers can go online dynamically ?

Thanks in advance

MS

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎01-31-2008 02:44 PM

Mehboob,

Looking at your topology and your concern I would recommend to have your ASA5510 inside interface participate in OSPF as well and have ASA5510 inject default route down stream to your OSPF neighbors which are your switches.

Your servers default gateway will be your defined HSRP ip address on your SVI interfaces in switches , if SW1 fails servers will continue connectivity provided by HSRP, and as indicated before your defaul route will be injected by ASA firewall via default information originate statement in ASA and continue outbound internet connectivity.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

fortis123
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎02-01-2008 07:12 AM

Hi Jorge,

Thank you for your reply. But at this time SW2 is not directly connected to ASA. Yesterday, I have completed the VLANs and here is existing Scenario:

Vlan 10: Network management1

Vlan15: Servers

Vlan20 :ILO

SW1 gig0/10 -- Vlan 10 --> ASA gig0/1

SW1 & SW2 --> EtherChannel Via gig 0/47 & 0/48

SW1 & SW2 : has HSRP for Vlan15 and 10.10.10.1 is hsrp ip for all servers.

SW1 is active switch/gateway.

SW1 & SW2 has OSPF enabled with netwroks

for Vlans and default route points to ASA Inside interface.

ASA: enabled with OSPF(with its gig0/1 interface info only) and learning servers via OSPF.

So as now only SW1 port is connected to ASA, incase if SW1 fails how can use/configure SW2 for Automatic failover .

I have 2 interfaces on ASA avialable for use.

May be wrong but here what Iam thinking:

*************************************

1. create another vlan on 3560-S2 ex:

Vlan11

2. Configure ASA gig0/2 with ip :

10.10.11.4 255.255.255.0 and with Same

security level as Inside

3. Connect the gig0/2 on ASA to 3560-S2

vlan11 port.

4. configure OSPF on ASA with 10.10.11.4

information and 'nat' statement on ASA

5. configure another static route on 3560-

S2 as :

ip route 0.0.0.0 0.0.0.0 10.251.26.4 200

******************************************

Will you please review and advice ,the best way with necessary commands for ASA.

Thank you in advance

MS

0 Helpful

fortis123
Level 1
Level 1
In response to fortis123

‎02-05-2008 07:15 PM

any takers...???

Thank you

MS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents