Hi
I have had some very good feedback from these forums so am hoping you can help me with a problem i haven't come across before.
We are deploying a new 100Mbit DIA service into our Existing datacentre provided by BT to a pair of ASA 5545-X firewalls in active/standby configuration.
The new internet service is provided as 2 separate LC Fibers and it has a primary Public IP address along with a secondary Public IP with a VRRP Public IP address we should use as a gateway on the firewalls to point to. It also includes a /27 range of Public IP addresses we can use but no guidance on how to use them. They also provide us with 2 public IP addresses and a VRRP IP for their routers.
What I'm questioning at the moment and BT haven't been able help me on this is how we set up our 2 Firewalls as they will be in active/passive configurations. I'm a little confused how can they have a PUBLIC IP addresses on each external interface and a VIP for the default gateway aswell?
I don't really want to introduce 2 more extra routers if we can avoid it so is there a way we can use the ASAs direct into these addresses with a switch, do ASAs support VRRP or will i need another device to do the gateway redundancy?
Apologies if these are obvious questions just hoping to get a little help and guidance.
Damian
Use a switch and plug both LC fibres into it. Put them in the same VLAN. Put the outside interfaces of your firewall into the same VLAN. The firewalls should be put made into a failover pair.
The ASAs don't need to support VRRP. Take the VRRP address they have allocated to you, and use that as your primary outside IP address.
The /27 sounds like it will be routed via the VRRP address allocated to you.