Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1718
Views
0
Helpful
4
Replies

ASA 5506X failover with object tracking

Go to solution
haintnsl
Level 1
Level 1

‎04-12-2019 09:28 AM

Dear all,

I am doing installation a network infrastructure as the attached picture. Our purpose is to track a status (working or goes down) of the border router (ISR4321-R1)  or remote connection between ISR4321-R1 and KOR-RT1 (up or down). In case one of these conditions occurs, the active firewall (ASA5506-FW1) will be standby and then the standby (ASA5506-FW2) will take over. I don't know how to do it. Is there any solution for this requirement?

 

Thank you all very much!

 

 

1 person had this problem
Labels:
Preview file
31 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
joseph.h.nguyen
Level 1
Level 1
In response to haintnsl

‎04-13-2019 11:57 AM

Sorry, I can't help.  I don't have the time or the resource (lab) to explore such a request.  Not sure the reasoning behind failovering to standby firewall during your described scenarios.  For simplicity, I would use routing protocol for network resiliency when either R1 and/or KOR-R1 becomes unresponsive.  Maybe a community member has done something similar to yours and willing to share.  

View solution in original post

0 Helpful
4 Replies 4

Go to solution
joseph.h.nguyen
Level 1
Level 1

‎04-12-2019 05:51 PM

Have you considered using HA on your two ASA's?  It makes firewall administration more efficient and removing the SLA tracking requirement but you may have to configure OSPF to react to sudden routing convergence.

 

To answer your question, you may find an idea matching your intended purpose, see link: https://community.cisco.com/t5/firewalls/asa-sla-tracking-w-multiple-icmp-checks/td-p/1368366

 

0 Helpful

Go to solution
haintnsl
Level 1
Level 1
In response to joseph.h.nguyen

‎04-12-2019 10:13 PM

Hi Joseph,

Thank you so much for your advice!

Actually, I setup HA for the firewall (Active-Stanby). I'd like to track the status of the border router (R1) and the remote connection (to KOR-R1). ASA5506-FW2 (in stanby mode) will take over the primary when one of above conditions occur. 

Could you please advise me?

Thank you so much!

0 Helpful

Go to solution
joseph.h.nguyen
Level 1
Level 1
In response to haintnsl

‎04-13-2019 11:57 AM

Sorry, I can't help.  I don't have the time or the resource (lab) to explore such a request.  Not sure the reasoning behind failovering to standby firewall during your described scenarios.  For simplicity, I would use routing protocol for network resiliency when either R1 and/or KOR-R1 becomes unresponsive.  Maybe a community member has done something similar to yours and willing to share.  

0 Helpful

Go to solution
haintnsl
Level 1
Level 1
In response to joseph.h.nguyen

‎04-13-2019 09:37 PM

Hi Joseph,

 

Thank you very much for your help!

 

BRs,

HaiNT

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card