Re: HSRP on ASA

Muhammad Amin Zia · ‎11-27-2018

Hello Experts -

I have Cisco ASA 5512 as a gateway appliance and an alternate router Cisco 2801. I need to use HSRP on ASA and on a router to work as a active stand-by. Primary gateway should always be ASA and if its inside interface attached with the switch gets down Cisco 2801 router starts acting as a gateway for my users. I just need fail over, I don't want load balancing. I have read that ASA does not support HSRP then suggest the fail over alternative in this case because I don't have two ASA for active and standby scenario.

Note : I need fail over between ASA firewall and a Cisco 2801 router. Diagram is attached for reference.

Marvin Rhoads · ‎11-27-2018

An ASA does not support HSRP in any manner.

You might be able to setup an ip sla operation on your user switch that flips the default route from the ASA to the router in the event that the internet becomes inaccessible via the ASA.

Muhammad Amin Zia · ‎11-27-2018

A switch is not using in layer 3 mode it is a layer 2 in which all users gateway has pointed to ASA. Is their any other solution?

Sheraz.Salim · ‎11-27-2018

as Marvin said, and taking his point further more as you have 3850 switch you can create a SVI on that switch.

please do not forget to rate.

Muhammad Amin Zia · ‎11-27-2018

Thank you Marvin for your reply, As I mentioned 3850 switch is in layer 2 mode and it is not working as a Layer 3 to establish IP SLA. Please suggest alternate solution.

Marvin Rhoads · ‎11-27-2018

Instead of "hot" standby, make it "warm".

If the ASA fails, move the cables from it to the router.

There's no free lunch here or some magic way to make an ASA 5512-X be automagically and transparently backed up by an old 2801 router. There may also be features in use on the ASA that the router does not support.

Muhammad Amin Zia · ‎11-27-2018

Hard fail over physically moving the cables has already been configured, Well thank you for the help.