Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
625
Views
0
Helpful
1
Replies

ASA and redundant interfaces design

Anton Rozhkov
Level 1
Level 1

‎04-18-2011 10:38 PM - edited ‎02-21-2020 04:19 AM

Hello

We have two multilayer switches and only one ASA 5520. I'd like to connect ASA in the way described on the picture: each redundant interface includes two physical ones, which are connected to different switches

ASA.gif

My question is what kind of link it is necessary to have between switches to make this idea work? I'd have subinterfaces like Re1.100, Re2.200 and so on for my traffic.

I understand that correct design approach is to have two redundant firewalls with failover but we cannot purchase the second one yet.

Any answers/ideas would be appreciated.

0 Helpful
1 Reply 1

mirober2
Cisco Employee
Cisco Employee

‎04-23-2011 06:37 AM

Hi Anton,

You can certainly configure the links between the ASA and the switches as trunk ports and then configure subinterfaces off of your redundant interface.

Here are the configuration guides that will walk you through this:

Configuring a Redundant Interface:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1062296

Configuring VLAN Subinterfaces and 802.1Q Trunking:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1082576

Hope that helps.

-Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card