Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1253
Views
0
Helpful
6
Replies

2 X ASA's Failover - Only one ISP

Go to solution
jaishaan14
Level 1
Level 1

‎10-14-2012 03:39 AM - edited ‎03-12-2019 06:04 PM

Hi all,

Got a pair of 5540 ASA's and would like to fo some high availibility to guard against disaster, however the design has only one internet link that is terminated on the OUTSIDE interface, public IP being on a /30.

Im trying to come up with a solution, other than swinging the cable when there are issues.

Any ideass other than buying a new pipe!

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-14-2012 03:44 AM

You can connect the outside interface of both ASA and the internet link to a switch, and you can have the ASA running in failover pair.

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to jaishaan14

‎10-15-2012 04:10 AM

Yes, you can still configure the ASA in failover mode even though you don't have spare ip address for the outside interface.

The only thing that you can't do is monitor the outside interface for failover and you would need to disable monitoring on that outside interface because you don't have a spare ip address.

However, all other interfaces can still be monitored for failover and also if the ASA has hardware failure, it will failover to the standby ASA.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-14-2012 03:44 AM

You can connect the outside interface of both ASA and the internet link to a switch, and you can have the ASA running in failover pair.

0 Helpful

Go to solution
jaishaan14
Level 1
Level 1
In response to Jennifer Halim

‎10-14-2012 03:48 AM

Kind of thought that was my only option Just means having to source some switches now, which may not be that easy, given budget.

If I do get them configuration wise, is it just creating a dedicated VLAN for those 3 interfaces?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to jaishaan14

‎10-14-2012 01:25 PM

Since budget is an issue, I would suggest that get the cheapest L2 switch (doesn't need to be L3 switch at all) as all you need is connecting the 3 ports to the same VLAN. Doesn't even have to be a switch with VLAN capabilities (but switch nowadays probably does have that by default). But in any case, you can just plug those 3 ports into the switch without any configuration on the switch as that is how basic you would need the switch to be in your case

0 Helpful

Go to solution
alenvasic
Level 1
Level 1
In response to jaishaan14

‎10-15-2012 12:15 AM

Also you will need to extend that outside /30 to /29 because you will need extra IP for stanby ASA interface...

0 Helpful

Go to solution
jaishaan14
Level 1
Level 1
In response to alenvasic

‎10-15-2012 02:09 AM

Yes - This appears to be where I was missing the config parrt, hence the quesion on how configure this on a switch.

I know I will need a /29 and this is something I dont have and can't have I have been told this today. So without this, is it fair to say this will not work?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to jaishaan14

‎10-15-2012 04:10 AM

Yes, you can still configure the ASA in failover mode even though you don't have spare ip address for the outside interface.

The only thing that you can't do is monitor the outside interface for failover and you would need to disable monitoring on that outside interface because you don't have a spare ip address.

However, all other interfaces can still be monitored for failover and also if the ASA has hardware failure, it will failover to the standby ASA.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card