Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
2
Replies

Reg:ASA DMZ

vasuramnet
Level 1
Level 1

‎06-22-2011 11:30 PM - edited ‎03-11-2019 01:49 PM

Dear ALL,

Iam Facing a strange problem is

I  have two ISP links terminated on two cisco 3845 routers from routers  two Lan switches from two switches to its came to two ASA-5580-20  firewalls,

in that firewalls i created one DMZ and MZ zones,In  that DMZ zone i have one application server and production server,For  application server i given one public ip to that server that ip belongs  to my ISP1 and production server i given one public IP that beongs to my  ISP2.

Now  the problem is when ever my ISP 1 is down my application server is not  accessing to the public users and when ever my ISP-2 is down my  production serveralso down

Plz let me know the automatic failover for this kind of problem

MY NETWORK DIAGRAM IS BELOW

Any tips will be appritiated

Labels:
Preview file
69 KB
0 Helpful
2 Replies 2

Anu M Chacko
Cisco Employee
Cisco Employee

‎06-23-2011 01:55 AM

Hi,

From what I understand this is expected. You are talking about the servers in the "trusted zone", right?

Could you clarify the issue that you're facing?

If you're trying to have the ASA load balace between the 2 ASAs, that is not possible. But if you're trying to have the ASA use one ISP when the other one is down, you can use SLA monitoring to do so. Here is a detailed document on how you can configure this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Let me know.

Regards,

Anu

P.S. Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks!

0 Helpful

mvsheik123
Level 7
Level 7
In response to Anu M Chacko

‎06-23-2011 07:07 PM

Hi,

Based on your posting..

"For  application server i given one public ip to that server that ip belongs  to my ISP1 and production server i given one public IP that beongs to my  ISP2."

So two servers got one public IP each from each ISP. When ISP1 goes down, as the public users still try to access the App server using ISP1 public IP ( or DNS name that resolves to ISP1 public IP), the access attempt will fail. Same is the case with production server. You need some kind of Dynamic DNS option to change the IP address of the servers so that the DNS resolves to the address of live ISP.

Other option - as you have 2 ISPs and 2 routers, you can go with BGP (setup procedure is little long but worth it) ;-). That way you can achieve automatic failover.

hth

MS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card