Gateway redundancy between Cisco ASA 5520 and Cisco 2811

power.srvi
Level 1

Hi all,

Actually I'm using a Cisco ASA 5520 as a default gateway for accessing/publishing on the WAN.

I have a Cisco 2811 configured to replace the Cisco ASA in case of a problem, but the switch is made manually.

My LAN switch is 2 3560Es configured with HSRP, so is it possible to make redundancy (failover) between the Cisco ASA 5520 and the Cisco 2811 using HSRP or another technique?

regards


cadet alain
VIP Alumni

Hi,

What do you want to know exactly? Yes, HSRP can track an interface and decrease the priority of the active device so the standby device can take over. What else do you want to know?

Regards.

Alain

Don't forget to rate helpful posts.

So is it possible to make HSRP between 2 different Cisco devices?

Vivek Ganapathi
Level 4

Hi,

If I understand your question correctly, you have the below requirement:

1) You have a Cisco ASA5520 which is a default gateway. My question on this: do you mean all your PCs have the default gateway pointing to the internal interface IP?

2) In case of a failure of your ASA5520, you tend to manually replace it with the Cisco 2811 router.

3) You also mentioned you have two 3560E series switches. If I consider that the ASA is the default gateway for all your PCs, then your 3560 is being used as a Layer 2 device.

Does your topology look like this?

Thanks

Vivek


Hi,

this is my actual topology:

lan--->(DG 2x3560E HSRP)--ip segment in-->cisco ASA5520-->internet

and this is what I'm looking for:

lan--->(DG 2x3560E HSRP)--ip segment in-->cisco ASA5520 (primary) wan ip 1.1.1.1-->internet

                                                                   -->cisco 2811 (stby) wan ip 1.1.1.1-->internet

regards

I do not believe that the ASA supports participation in HSRP. I searched the config guide for ASA and the only mention of HSRP was in how to allow HSRP frames to pass through the ASA when configured in transparent mode. So I believe that you will not be able to achieve the automated failover between the ASA and the 2811.

HTH

Rick


Thanks Mr BURTS,

so there is no way to make failover between those devices?

regards

I do not believe that it is possible to configure any automatic failover between the ASA5520 and the 2811. And with a single Internet link it would limit any redundancy possibilities.

If you had two ASAs then you could look at configuring them as a failover pair and achieve redundancy that way. If you had two 2811s you could configure them with HSRP and achieve redundancy. But with 1 ASA5520 and one 2811 I believe that your only option for failover is the manual swap of connections.

HTH

Rick


Thanks Mr BURTS,

your answer is so clear.

In any case I will buy another Cisco 5520 to make an HA cluster.

So I have a question: if I actually have my ASA working and add another ASA to make an active/passive cluster, will the new ASA replicate all the actual configuration, or do I have to set it up or copy it manually?

If you get another ASA5520 it is fairly easy to set it up in a HA failover pair. You only need a little bit of interface configuration on the second ASA so that the ASAs can communicate with each other. Then you activate failover. When this happens the backup ASA learns the configuration from the active ASA and then both ASAs share the same config. The active ASA will automatically copy any changes made in the config to the backup ASA so the config automatically stays in sync.

HTH

Rick
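
The setup described in the reply above, sketched as an added example that is not part of the original post or of any poster's configuration. Interface names, the `FOLINK` name, all IP addresses and the key placeholder are assumptions chosen for illustration; the secondary unit receives everything else from the active unit once failover is enabled.

```cisco
! ===== Primary (existing, already configured) ASA 5520 =====
! Assumed interface names and addresses; adjust to the real topology.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.248 standby 192.0.2.2
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
! Dedicated failover port: no nameif or IP of its own, just enabled.
interface GigabitEthernet0/3
 no shutdown
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
! Reuse the same link for stateful (connection table) replication.
failover link FOLINK
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
! Shared secret: authenticates and encrypts traffic on the failover link.
failover key <SHARED-SECRET-PLACEHOLDER>
failover

! ===== Secondary (new) ASA 5520: failover bootstrap only =====
interface GigabitEthernet0/3
 no shutdown
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover key <SHARED-SECRET-PLACEHOLDER>
failover

! ===== Exec mode on the active unit: verify sync, then save =====
show failover
write memory
```

Without a `failover key`, the replicated configuration, including any passwords and pre-shared keys in it, crosses the failover link in clear text, so the key should be set on both units before `failover` is enabled and the link kept on a dedicated cable or isolated VLAN.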


Hi,

Well, it looks like you have only one internet line hooked up to the ASA. So, I don't see a point in having redundancy in terms of devices when you have only one line available (i.e. you always need to swap your internet line over to another device).


Thanks

Vivek

Hi,

I can get another internet link, but if I have another link to the same internet line, will it be possible to get it to work?
