Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
580
Views
0
Helpful
3
Replies

Cisco ASA firewall relocation

timothy_MTS
Level 1
Level 1

‎07-31-2023 09:09 PM

Hello everyone,

I have recently setup the two new switches. These two switches are mainly for replacing the existing/old switches that holds the two ASA firewalls. I have created a Trunk port connecting the old and the new switches. I have set the priority on the new switch to be in higher spanning tree value / cost. So it would not become the ROOT in our environment during the transition period of time.

The firewall is having 4 Nics that connecting to the old switch. Is there anything I need to take care of? or I simply just move the cables over to the new switches.

Regards,

Tim

 

0 Helpful
3 Replies 3

johnlloyd_13
Level 9
Level 9

‎08-01-2023 06:15 AM

hi,

are the two ASA in HA? is it in active-passive mode?

are the two new switches in the same rack?

it would be nice to post a brief diagram.

ideally, you'll pre-configure the new switch access ports, trunks, VLANs, relocate the secondary-standby ASA FW, perform a forced failover to secondary and relocate the primary ASA unit to the new switch.

0 Helpful

MHM Cisco World
VIP
VIP

‎08-01-2023 07:14 AM

Have four NIC' if we assume that two inside and two outside (for two FW) then you are ok and no need config in SW side only config Trunk with correct vlan allow 

If four NIC for each FW the  you need Port Channel I think.

0 Helpful

timothy_MTS
Level 1
Level 1

‎08-01-2023 04:32 PM

Thanks @MHM Cisco World  @johnlloyd_13 

Here is the diagram attached.

The two dmz-sw are connected through PortChannel. Two firewalls are having direct cable connected. They are in HA.

The new c9200L switches are stacked. Trunk was setup to allow the VLANs between the new switches and old dmz-sw.

I also set the priority to a little bit higher on the new c9200L, to make sure that the Root switch stayed the same, for those VLANs.

Indeed I have couple of servers migrated to the new switches, they are in one of the VLANs defined, and working fine.

Now, I am planning to migrate the internet links, and the firewall links to this new switches.

The physical locations are old switches and firewalls are in the same rack, while the new switches are in two racks next to them. Cabling/Wiring are done, and I am waiting for the time to plug in those cables.

Regards,

Timothy

Preview file
217 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card