Cisco Support Community

Need Help in Designing the Setup

Hi All,

We got a Proposal to design a Setup and we need some guidelines in setting up the same. Below are the Points we need to fulfill.

1) All the Core Devices (L3 Switch, Firewall and Router) should have redundancy.

2) A Site to Site Tunnel has been built on the ILL Link and again both should act as a Backup in any of the Link-down as well as Tunnel-down cases. (Assume that the destination is the same for the two tunnels.)

Kindly help me in providing some guidelines like:

Is there any dynamic routing I need to use between the core devices, or static routing with higher AD?

Is it possible to track the Tunnel interface (IP SLA for IPSEC)? If yes, need a configuration example.

Where can I use HSRP in the setup to provide the redundancy?

Are there any other changes I need to do to achieve the below setup?

Attached is a sample diagram where we are planning to do the setup. Please refer to it and let me know your ideas.

Thanks and Regards,



Need Help in Designing the Setup


For the firewall components of your design I suggest that you consult the following guide on firewall high availability (HA).

See Figure 60-3 as a guide. You don't have a failover link shown between your firewalls, for example, in the diagram supplied.

Your diagram shows Layer 3 switches with uplinks to the firewalls. Don't forget that in order to configure a pair of HA firewalls, the inside interfaces of both devices need to be on the same subnet.

Don't forget to rate posts that are helpful.
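The two points in the reply above (a dedicated failover link, and inside interfaces on one subnet), shown as an added configuration sketch that is not part of the original thread. It assumes the firewalls are a Cisco ASA Active/Standby pair; the interface names, the link name FOLINK, all addresses and the key are constructed placeholders.

```cisco
! ----- Primary unit (constructed example values throughout) -----
! Inside interface: active and standby addresses sit in the SAME subnet,
! so both units' inside ports must land in the same VLAN on the L3 switches.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
 no shutdown
!
! Dedicated failover interface: no nameif and no data traffic on this port.
interface GigabitEthernet0/3
 description LAN failover link to peer firewall
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
! Carry stateful (connection table) replication over the same link.
failover link FOLINK GigabitEthernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
! Without a key, traffic on the failover link, which includes the replicated
! configuration, is sent in clear text. Placeholder value: replace it.
failover key REPLACE-WITH-SHARED-SECRET
failover
!
! ----- Secondary unit: only the failover bootstrap is entered by hand -----
interface GigabitEthernet0/3
 no shutdown
!
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover key REPLACE-WITH-SHARED-SECRET
failover
!
! The secondary then receives the rest of the configuration from the primary.
! Check the result on either unit with:
!   show failover
```

Any other data interface that should be monitored (outside, DMZ) needs its own `standby` address in the same way as the inside interface.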