Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
626
Views
0
Helpful
4
Replies

Firewall Configuration Suggestion

rdotson
Level 1
Level 1

‎05-13-2013 11:03 AM - edited ‎03-11-2019 06:42 PM

I have 2 5585's that I want to install and connect to 2 different ISP's ( or in this case 2 different TLS connections to Verizon).  I have no way of port channeling the two TLS connectons except at the ASA itself.  The TLS connections are the the inside network. The outside connections will go to a switch that is managed by a group where I can have them port channeled if necessary.

I was thinking about clustering, but to make things simple for some of the other staff that will be managing these firewalls when I am out, I've decided to make them Active/Standby.

My question is, because of the two separate TLS connections, is there any reason I can't just make these Active/Standby just as though they would normally be if connected to a switch?                 

level3.jpg

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎05-13-2013 11:09 AM

Hi,

Forgive me my ignorance but what does the TLS stand for?

So these 2 links are the links to your LAN network?

Remember that the ASAs "inside" links have to be connected on the LAN side on L2 so that the ASAs can monitor eachother for the Failover. Or in the case of subinterface each of them have to be connected also L2 at the remote LAN end of the network.

- Jouni

0 Helpful

rdotson
Level 1
Level 1
In response to Jouni Forss

‎05-13-2013 11:24 AM

TLS is Transparent Lan Service.  Basically it is a L2 Ethernet Connection from 2 different sources. 

Yes that is our (inside) LAN network.

My configuration will be a single context with no subinterfaces.

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to rdotson

‎05-13-2013 11:32 AM

Hi,

Sounds to me that the setup should work just fine.

Last year I did a migration for a customer from a Dual FWSM to Dual ASA5585-X SSP-20.

Basically we host the ASAs on our datacenter and provide the customer 2 direct 1Gbps links to their site through 2 different physical routes. ASA is Active/Standby.

They have their own L3 Switch Stack on their site as the core which they manage. Though in this situation there are multiple subinterfaces on the single physical link but otherwise the setup would seem to me to be the same type as yours.

-  Jouni

0 Helpful

rdotson
Level 1
Level 1
In response to Jouni Forss

‎05-13-2013 11:44 AM

Thank you Jouni, I'll give it a try.

0 Helpful
Review Cisco Networking for a $25 gift card
Top