Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1349
Views
0
Helpful
2
Replies

ASA connection to multiple switch stacks

Go to solution
Kyle Smith
Level 1
Level 1

‎11-12-2012 08:12 AM - edited ‎03-11-2019 05:22 PM

Hello everyone,

Currently in our environment we have have two buildings with an ASA 5520 in each and a core stack of 3750's in each building. I am currently working on a network segmentation project and am thinking of adding another stack of 3750's in each building to add more redundancy to our network. This will allow our access layer switches to have a trunk to each stack and prevent an outage if one of the links or stacks were to go down.

My question is how I would set this up on the ASA end of things while using a common subnet and HSRP on the 3750's. I understand how to use HSRP and STP on the switches to achieve this on the 3750 end of things. I saw you can do etherchannel on the ASA with 8.4 but how does that work in a failover situation?

Also, if the design I am proposing is incorrect or if you have a better suggestion please let me know.

Thanks,

Labels:
138304-ASA Dual Stack 3750.vsd.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
o.melendres
Level 1
Level 1

‎11-12-2012 08:58 AM

Seems to fit on a regular ASA failover scenario,

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

It is also possible to have virtual firewalls and do load balance between them. For example, having ASA primary and ASA secondary. Enable Virtual ASA1 and Virtual ASA2.

The ASA primary can have Virtual ASA 1 as primary  and Virtual ASA 2 as failover.

The ASA secondary can have Virtual ASA 1 as backup  and Virtual ASA 2 as primary.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
o.melendres
Level 1
Level 1

‎11-12-2012 08:58 AM

Seems to fit on a regular ASA failover scenario,

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

It is also possible to have virtual firewalls and do load balance between them. For example, having ASA primary and ASA secondary. Enable Virtual ASA1 and Virtual ASA2.

The ASA primary can have Virtual ASA 1 as primary  and Virtual ASA 2 as failover.

The ASA secondary can have Virtual ASA 1 as backup  and Virtual ASA 2 as primary.

0 Helpful

Go to solution
Kyle Smith
Level 1
Level 1
In response to o.melendres

‎11-12-2012 11:35 AM

Hello Melendres,

Thank you for your reply. Your link does help. I just spoke with our team and we are actually scrapping the dual stacks in each building and just going with one stack in each building. This way we can keep it simple and always add on other stacks in the future if we need to.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card