How to configure routers connected to ASA

Hamood Rehman
Level 1

ASA.bmp

Hello

This is the image that you see everywhere for configuring failover. What is the vertical line to the left and right of the ASAs?

I'm studying for SNAF and I wanted to test ASA failover. I wanted to shut down the primary ASA's inside or outside interface and see if the inside and outside routers' pings would continue through the failover ASA. How do I connect two ASAs to two routers (inside and outside), and what IP addresses do I configure on the router interfaces? If only one of the ASAs (e.g. primary) connects to the inside/outside routers, how would the secondary talk to the routers if failover occurs due to power loss to the primary?

Thanks.

Accepted Solution

Allen P Chen
Level 5

Hello,

Here are the answers to your questions:

What is the vertical line to the left and right of the ASAs?

--the vertical line to the left is the outside network segment, the vertical line to the right is the inside network segment

How do I connect two ASAs to two routers (inside and outside) and what IP addresses I configure on router interfaces?

--the outside router will need to connect to the outside network segment, and the inside router will need to connect to the inside network segment.  If you have a switch, you can configure a VLAN for the outside segment and a separate VLAN for the inside segment.  The outside router interface will need to be assigned an IP address that is on the same subnet as the IP address assigned to the outside interface of the ASA.  Likewise, the inside router interface will need to be assigned an IP address that is on the same subnet as the inside interface of the ASA.

If only one of the ASAs (e.g. primary) connects to inside/outside routers how would the secondary talk to the routers if failover occurs due to power loss to primary?

--For failover to work, you cannot connect the router directly to one of the ASAs.  The outside and inside routers must be reachable for both ASAs.

Please take a look at the network diagram in the attached PDF; it will illustrate a typical failover design.

Hope this helps.

Excellent. Thanks Allen. A diagram of a switch instead of that vertical line would have saved me a few hours of reading, searching and frustration. So the outside interfaces on two ASAs and the interface on the outside router will all be in the same subnet, inside interfaces on two ASAs and the connecting interface on the inside router will be in the same subnet. Thanks again.
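The topology from the accepted answer, as an added lab configuration that is not part of the original thread: one switch VLAN per segment, with each router and both ASAs attached to it. The VLAN IDs, switch ports, interface names, the FOLINK name and all IP addresses are constructed assumptions.

```cisco
! --- Switch: one VLAN per segment (IDs and ports are constructed) ---
vlan 10
 name OUTSIDE
vlan 20
 name INSIDE
! Fa0/1-3: outside router + outside interface of both ASAs
interface range FastEthernet0/1 - 3
 switchport mode access
 switchport access vlan 10
! Fa0/4-6: inside router + inside interface of both ASAs
interface range FastEthernet0/4 - 6
 switchport mode access
 switchport access vlan 20
! --- Outside router: same subnet as the ASA outside interface ---
interface FastEthernet0/0
 ip address 192.0.2.254 255.255.255.0
 no shutdown
ip route 192.168.1.0 255.255.255.0 192.0.2.1
! --- Inside router: same subnet as the ASA inside interface ---
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.1.1
! --- Primary ASA: active address plus standby address per interface ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
 no shutdown
interface GigabitEthernet0/2
 no shutdown
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover
! --- Secondary ASA: failover link only; the rest replicates from primary ---
interface GigabitEthernet0/2
 no shutdown
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover
```

The routers' static routes point at the active addresses (192.0.2.1 and 192.168.1.1), which the secondary ASA takes over on failover, so nothing changes on the routers when the primary fails. Pings through the ASA also need ICMP permitted by policy (for example ICMP inspection), which this sketch leaves out.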
