Solved: You can use either Redundant

fsebera · ‎04-13-2016

Hi,

We are implementing 2 ASA 5516-X firewalls dedicated to AnyConnect VPN services. To ensure we are always operational --(and in the event of a failure -- resilient), we want to implement Zones on the "outside" interfaces. Basically each ASA will have 2 "outside" interfaces dedicated to each switch in the 2 member switch-stack.

Anyone have experience with ZONES this OR have a different recommendation?

Thank you

Frank

Topology:

ISP1--------ISP2

| |

R-------------R

|| ||

|| 2 member ||

SWITCH-----STACK

|| ||

|| outside ||

FW----CCL----FW

| |

N7K---------N7K

Philip D'Ath · ‎04-13-2016

You can use either Redundant Interfaces, or Etherchannel. In the case of an ASA 5506, I would use Redundant Interfaces.

I'm not sure on the interface names on a 5506, but something like:

interface Redundant1
  member-interface GigabitEthernet0/0
  member-interface GigabitEthernet0/1
  nameif outside
  ...

View solution in original post

Philip D'Ath · ‎04-13-2016

You can use either Redundant Interfaces, or Etherchannel. In the case of an ASA 5506, I would use Redundant Interfaces.

I'm not sure on the interface names on a 5506, but something like:

interface Redundant1
  member-interface GigabitEthernet0/0
  member-interface GigabitEthernet0/1
  nameif outside
  ...

fsebera · ‎04-13-2016

Ahhh, yes a much better idea!! Keeping it simple.

THANK YOU

Frank

ASA 5516-X resilient connections