Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
813
Views
0
Helpful
6
Replies

IOS CBFW firewall HA

jason.kwang
Level 1
Level 1

‎10-10-2011 01:10 AM - edited ‎03-11-2019 02:35 PM

Hi All,

Have anyone deploy HA on IOS firewall with Fastethernet interface configured into multiple sub-interfaces and tag with different vlan-Id and is assign as inside interfaces. Serial interface is outside interface. Would like to know whether HA can be apply in such design and whether it works ?

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎10-10-2011 01:59 AM

Hi,

What you mean by HA? afaik HA is done through FHRPs like HSRP,VRRP or GLBP and they all demand at least 2 routers.I think it should work as long as active/standy can communicate they state which they will as by default traffic from/to self is permitted.

Can you tell if this is what you want to do ? if so I'll lab it up quickly and confirm or not what I said above.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

jason.kwang
Level 1
Level 1
In response to cadet alain

‎10-10-2011 02:33 AM

Hi, you are partlly right abt my question. Yes I mean 2 routers running hsrp. But also following command on the 2 router

Redundancy inter-device

Scheme standby

This is relatively new commands. I have no routers to test out !

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to jason.kwang

‎10-10-2011 02:44 AM

Hi,

ok gonna lab it up and tell you what.

Alain.

Don't forget to rate helpful posts.
0 Helpful

martinbuffleo
Level 1
Level 1
In response to cadet alain

‎11-23-2011 03:26 AM

Did you manage to lab the router as firewalls in HA?

I'm just about to purchase 2x 2901 to run as firewalls to protect my network.

But would like to configure them in active/stanby?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to martinbuffleo

‎11-23-2011 04:58 AM

Hi,

Sorry but I couldn't test because I didn't know about these 2 commands:

Redundancy inter-device

Scheme standby

And I must admit as there was no new post from you it gout out of my head.

Do you really need these 2 commands? otherwise post your topology and requirements and i'll do it tomorrow or on friday.

I don't have any 2901 or ISR G2 to test but only GNS3 and I'll have to use the SNAT feature which may be unavailable on the newer platforms as it is phased out by Cisco and they recommend using active/standby or active/active ASA pair for replacement of this technology.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

martinbuffleo
Level 1
Level 1
In response to cadet alain

‎11-23-2011 05:04 AM

It wasn't my thread I'm just jumping on the back of it

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card