Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
1
Replies

High Availability OPTIONS

ohareka70
Level 3
Level 3

‎02-16-2017 01:03 PM - edited ‎03-12-2019 01:56 AM

Hello,

I have two sites 3 miles apart. Both have a 100MB internet pipe and terminates on my Cisco Firewall. I have dmz services running at both sites but my two firewalls are running as stand alone devices. I am just looking for advice on what approach to take (if any) for a High Available solution so i can have the dmz services load balanced across both sites.

I have bought two loadbalancers but don't see how they can handle source based NAT for incoming or outgoing traffic

Has anyone successfully implemented this project - i am just looking for a nudge in the right direction

My cisco's are 5585s with a Cisco Security Mgr pushing the policy to both 

thanks
Kevin

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎02-16-2017 01:20 PM

It sounds as though the loadbalancers are to be placed infront of the ASAs?

Though I haven't setup the loadbalance side of the solution, I do have a customer that uses Citrix Netscaler for exactly this.

The setup is ASA ---- Netscaler ---- DC1/DC2

services are NATed from the internet to the Netscaler DMZ and then the Netscaler takes care of the rest.

But as you mention that you have CSM pushing the policies to the ASA then I am assuming they are not setup in Active / Standby HA.  This is where my solution differes in that the ASAs are in Active / Standby (we have a dark fiber running between the datacenters).

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card