Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Firewall and Router HSRP peers

I have a need for out-of-the-box setup.

I need my ASA5520 and Cisco 2821 router to peer via HSRP.

The ASA5520 should always be ACTIVE and processing ALL traffic unless the ASA5520 is down (determined via IP SLA, BOOLEAN logic) and then the router becomes the active peer.

Anytime the HSRP peer router is active, the router should forward traffic to the backup site.

The backup site will have the same setup as primary so both site can be active/active full time.

Asymetric routing issue will not be an issue in this specific case but thanks for thinking about this issue too.

FYI, I have pasted this in firewalling fourm too.

Comments please!!!

Thanks

Frank

1 REPLY
Hall of Fame Super Blue

Re: Firewall and Router HSRP peers

fsebera wrote:

I have a need for out-of-the-box setup.

I need my ASA5520 and Cisco 2821 router to peer via HSRP.

The ASA5520 should always be ACTIVE and processing ALL traffic unless the ASA5520 is down (determined via IP SLA, BOOLEAN logic) and then the router becomes the active peer.

Anytime the HSRP peer router is active, the router should forward traffic to the backup site.

The backup site will have the same setup as primary so both site can be active/active full time.

Asymetric routing issue will not be an issue in this specific case but thanks for thinking about this issue too.

FYI, I have pasted this in firewalling fourm too.

Comments please!!!

Thanks

Frank

Frank

ASAs don't run HSRP so you can't run HSRP between the routers and the firewalls.

You can run IP SLA on the router and track a default route on the router pointing to the ASA.  You can use a static default route on the router with an AD > 100 pointing to the backup site.  If the ASA is up the default route pointing the ASA will be used. If the ASA goes down IP SLA will remove the default route and then the floating static ie. the default route with an AD > 100 will be installed in the routing table and traffic will be sent to the backup site.

Jon

268
Views
0
Helpful
1
Replies
CreatePlease to create content