This is a design requirement. Please find the attached two network diagrams: one is the Logical Diagram (HA Design.pdf) and the other is the physical wiring of this Logical Design Diagram (HA Design - Physical wiring.pdf).
As you can see, all the devices are dual: I have 2 Cisco ASA FWs, 2 Cisco 1841 routers, 2 Cisco 3560 L3 switches and 2 Cisco 2960 switches. This is to achieve High Availability in the devices and avoid single points of failure.
As referred to in the diagram (HA Design - Physical wiring.pdf), is this the way the devices have to be connected? If yes, then again there is a single point of failure in HUB-1 and HUB-2.
I am worried whether I am following the Industry standard for achieving HA Network.
Yes you are right in that the hubs are a single point of failure.
The hub between the inside interfaces of the ASAs and the 3560 switches - this isn't needed. Just connect your ASAs directly to the 3560 switches instead and you have removed one of the single points of failure.
As for the hub on the outside - ideally you will need to replace it with a pair of L2 switches if at all possible.
Thanks for your reply. After reading your suggestion, I understood the way. Yes, I can connect the ASAs directly to the 3560 switches, like ASA-1 will be connected to 3560-1 and ASA-2 will be connected to 3560-2.
I need not connect ASA-1 to 3560-2 and ASA-2 to 3560-1, and still achieve the HA redundancy using health monitoring in the ASA. Is this correct?
But I do not understand how the single point of failure can be avoided in the HUB between the ROUTER and the ASA. I think I can configure a BVI interface in the router (if it has 2 FastEthernet) and connect to cables in the two different HUBs.