Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
0
Helpful
4
Replies

ASA Redundancy Options

Abraham Lagmay
Level 1
Level 1

‎07-15-2010 09:02 AM - edited ‎03-11-2019 11:12 AM

We are adding a new 6509 switch B to use for redundancy of current 6509 switch A using HSRP.  Currently, we have 2 ASA firewall units configured as active/standby failover single mode.  Both ASA units connects to switch A at this time.  We are planning to relocate the connection of ASA standby unit to the new 6509 switch B.  What would be the best way to configure the ASA units for redundancy if switch A fails and traffic goes thru switch B.  Will the ASA standby unit automatically start passing trying?  Please advice.

Thank you,

Abraham

Labels:
0 Helpful
4 Replies 4

manish arora
Level 6
Level 6

‎07-15-2010 09:37 AM

Hi,

if the ASA pair is configured in an active/standby configuration then you can have asa 1 ( active ) connect to the active interface of the hsrp switch and then the standby asa interface to the standby hsrp interface ( no priority load balancing on hsrp ).  In the event of the switch a ( active hsrp ) faileur, the asa will failover as one of the interface of the active firewall will fail and the secondary will take over.

another senario could be ,  have redundant interfaces on the asa and have them connect to different switches ( redudant interfaces are generally used for interface faileur redundancy ). i do not know for sure how redundant interfaces will work with hsrp interfaces ( never configured that in that senario) , but never the less i have seen people using it with plain L 2 switches in between their firewalls and distribution/core switches.

hope it helps

manish

0 Helpful

Abraham Lagmay
Level 1
Level 1
In response to manish arora

‎07-15-2010 11:25 AM

Hi Manish,

Thanks for the feedback.  So the first open you provided does not need additional configurations on the ASA?  Once switch A fails, ASA standby will become active and as a result would carry the traffic load?

Abraham

0 Helpful

manish arora
Level 6
Level 6
In response to Abraham Lagmay

‎07-15-2010 12:07 PM

Yes ! when we configure active/standby on asa , it fails over in the event of an interface failure.

You can look into the configuration of the asa , where you can control the failover in the event of an interface failures using interface monitoring.

download the  asa82cfg.pdf from cisco.com for configuration help.

Thanks

manish

0 Helpful

Abraham Lagmay
Level 1
Level 1
In response to manish arora

‎07-15-2010 12:09 PM

Thank you.  I will look into the configuration.

Abraham

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card