cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
465
Views
0
Helpful
3
Replies

5510 Wan Failover

ccabacungan
Level 1
Level 1

Hi -

I recently purchased 2 ASA 5510's. I also have two ISP connections. How do i configure the two devices to perform WAN failover for each other? I have read the documents online but the active/active failover document seems to apply only to LAN based failover, not WAN based. Thanks.

Cris

3 Replies 3

guibarati
Level 4
Level 4

LAN based means that the exchange of information between two ASAs will be done through the LAN, (instead of the old failover cable, available only for PIX).

sorry - yes, you are absolutely right on. let me clarify my question - I have 2 isp's. if i configure the 2 ASA's according to the cisco docs (active/active failover) with 2 security context - if ISP1 goes down, then the security context using ISP1 will also go down because the standby IP is also using the same ISP - which is exactly what i don't want.

You can install, ISP1 in the two contexts of ASA1 and ISP2 in the two contexts of ASA2.

Leave context1 active in ASA1 and standby in the ASA2 and vice-versa. So If One ISP goes down the context will go down on that ASA but will be active in the other one.

Some more things to consider. Why would you still use this context if the ISP is down?

Other very important thing, usually when ISP connection goes down it's not the directly connected ASAs interface, so, for ASA the "ISP" will be always UP, will goes down only if it's ethernet port goes down.

I trully recomend you using a router to the ISP redundancy, with router protocol or RTR.

Review Cisco Networking for a $25 gift card