04-13-2016 12:11 PM - edited 03-12-2019 12:37 AM
Hi,
We are implementing 2 ASA 5516-X firewalls dedicated to AnyConnect VPN services. To ensure we are always operational --(and in the event of a failure -- resilient), we want to implement Zones on the "outside" interfaces. Basically each ASA will have 2 "outside" interfaces dedicated to each switch in the 2 member switch-stack.
Anyone have experience with ZONES this OR have a different recommendation?
Thank you
Frank
Topology:
ISP1--------ISP2
| |
R-------------R
|| ||
|| 2 member ||
SWITCH-----STACK
|| ||
|| outside ||
FW----CCL----FW
| |
N7K---------N7K
Solved! Go to Solution.
04-13-2016 01:24 PM
You can use either Redundant Interfaces, or Etherchannel. In the case of an ASA 5506, I would use Redundant Interfaces.
I'm not sure on the interface names on a 5506, but something like:
interface Redundant1
member-interface GigabitEthernet0/0
member-interface GigabitEthernet0/1
nameif outside
...
04-13-2016 01:24 PM
You can use either Redundant Interfaces, or Etherchannel. In the case of an ASA 5506, I would use Redundant Interfaces.
I'm not sure on the interface names on a 5506, but something like:
interface Redundant1
member-interface GigabitEthernet0/0
member-interface GigabitEthernet0/1
nameif outside
...
04-13-2016 01:29 PM
Ahhh, yes a much better idea!! Keeping it simple.
THANK YOU
Frank
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide