ASA Redundant interfaces with stack switches

Mohammed Ashraf Ali · ‎06-11-2013

Hi All,

we have two ASA 5510 connected in failover, and a pair of cisco 2960s switch connected in stack.

Currently one interface of primary ASA is terminated on switch1 and a interface from standby is connected to switch2 as Inside, and switch1 and switch2 are in stack.

for redundancy purpose i want to use multiple interfaces of ASA for inside , so first i thought to use etherchannel , but it has a limitation that , it cannot be terminated on stack switch(as per cisco document http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/interface_start.html ).

So my question is :

1. can we use redundant interface feature where 2 physical interfaces combined to a redundant interface (eg interface redundant 1) for inside redundancy purpose.

2. Can these ports from primary/standby ASA terminated on stack switches (2960s), will this work (if the switch with active port goes down, will the other port take over in the redundant interface with the other switch).

I have attached the nw diagram,

Regards,

Ashraf

Julio Carvajal · ‎06-11-2013

Hello Ashraf,

1. can we use redundant interface feature where 2 physical interfaces combined to a redundant interface (eg interface redundant 1) for inside redundancy purpose.

Sure, you can. That's the whole purpose of the feature.

2. Can these ports from primary/standby ASA terminated on stack switches (2960s), will this work (if the switch with active port goes down, will the other port take over in the redundant interface with the other switch).

It would make sense if that happens, as the status of the interface will be on a different state than up/up so failover to the other interface will be triggered,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC