Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
10
Helpful
7
Replies

ASA to ASA Link (Cable)

machine23
Level 1
Level 1

‎02-20-2023 10:56 AM

I’ve got 2 ASA’s side by side and it’s connected via IPsec - it works great 

Since they in the same site - I’d like to use a physical connection (faster/secure)  and link the 2 firewalls and connect the internal networks on both ASA’s

So what is the best way to do it ? 
Iam thinking of giving 1 interface on each an ip on the same subnet and static route ? 
Please advise 

thanks  

0 Helpful
7 Replies 7

Rob Ingram
VIP
VIP

‎02-20-2023 10:59 AM - edited ‎02-20-2023 11:01 AM

@machine23 you can physically connect the interfaces, configure an IP address in the same network, configure routing (static/dynamic) and configure the access control list to pertmit/deny traffic accordingly.

Another option, if they are physically in the same location, you could make them an HA failover pair for resilency and just configure the 2 networks on different interfaces.

 

machine23
Level 1
Level 1
In response to Rob Ingram

‎02-20-2023 11:19 AM

Thanks Rob for the input … I will try that  

0 Helpful

machine23
Level 1
Level 1
In response to Rob Ingram

‎02-20-2023 01:50 PM

So I connected them and when adding routes it says route already exists ( from the site to site I think ) 

HA seems the-logical option ..

For HA connect both internal networks  to the active and configure the other as standby  ? 

0 Helpful

Rob Ingram
VIP
VIP
In response to machine23

‎02-20-2023 01:53 PM - edited ‎02-20-2023 01:55 PM

@machine23 it depends what static route you are referring to. You would not need a static route for the outside interface of the other ASA, it's directly connected. You need static routes for the internal networks. It would be helpful to provide this information so we know what you've configured. 

Yes, you could configure as Active/Standby, with each network on a separate interface. Example - https://integratingit.wordpress.com/2016/08/12/configuring-cisco-asa-activestandby-failover/

 

0 Helpful

machine23
Level 1
Level 1
In response to Rob Ingram

‎02-20-2023 02:12 PM

yes I’m trying to add internal static routes, I’ve got some full tunnel vpn to setup and I’ll get the Config over … thanks for the help very much appreciated

0 Helpful

MHM Cisco World
VIP
VIP
In response to machine23

‎02-20-2023 02:00 PM

If you share your network topology it is better 

0 Helpful

MHM Cisco World
VIP
VIP

‎02-20-2023 11:20 AM

connect internal network to both ASA you need to run ASA HA 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card