Re: How to do Network Failover between two ASA 5510

virgoboy009 · ‎04-17-2011

Hello Guys,

Please advise me to design a network setup and achieve failover in the below scenario.

(Vendor router)

L3-Switch ---- ASA FW1 ---switch-- Router 1 ------ MPLS cloud1 ----- Router A ------------ L3 switch

(Vendor router)

L3-Switch ---- ASA FW2 ---switch-- Router 2------ MPLS cloud2 ----- Router B------------ L3 switch

I am planning to achieve the failover either of the following ways -

1) Configuring both ASA FW as active/standby method .

2) configuring ASA FW 1 tracking command pointing to the ISP end ip address so the traffic would be moved to secondary firewall

by putting a AD as 1 on ASA FW ......pointing to the ISP ip address and other floating route ( with a higher AD value) to the secondary firewall interface.

3) To configure HSRP between the Routers.

Please suggest me your comments for my requirement.

Regards,

KA.

Maykol Rojas · ‎04-17-2011

Hello Mohammed,

Sla is only locally significant, meaning if a failure should occur, it will try to bounce to the locally configured interface with the next AD. The redundancy will work only if the ASA fails, if another device fails on the network, I am assuming that it will start sending the traffic to the standby Unit, which is not allow to pass traffic.

Cheers

Mike

virgoboy009 · ‎04-18-2011

Hello Mike,

Thank you for your post .

I would like to know whether we can achive failover or path redundancy by configuring HSRP on two routers , will this support along with two ASA FW.

Can some body post their ideas.

Regards,

KA.