Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
6
Replies

Migrate Standby ASA to Backup Data Center

Go to solution
samirshaikh52
Level 2
Level 2

‎10-12-2012 06:12 AM - edited ‎03-11-2019 05:08 PM

Hello Experts,

We have backup data center where I am now  planning to provide backup internet service ( in the case where there is internet down or power outage at main server room) .

I have a pair of Cisco ASA's 5540, one of which I need to move to backup data center ( BDC), Presently I have ADSL router at disaster serve room with static public IP from ISP.


Currently, I am publishing all my internal resources through ASA. Now my questions, if I move Standby ASA to Disaster Server Room. How I can publish the same internal resources through standby ASA and make it standby as active during the down time of main server room


Please can anyone suggestion how to achieve this setup. Is is this scenario possible


Thanking in advance.


Samir

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to samirshaikh52

‎10-14-2012 02:51 PM

Hello Samir,

So you mean 2 different outside connections ( 2 different ISP) on each of the sites ( recovery room and data center).

Well for an active/standby deployment both of the ASA's need to share their interface broadcast domain so they need to be on the same subnet, that being said only one ISP can be active at the time.

I would recomend you to have connectivity to both of the ISP's on both the data center and the backup site, then you can enforce SLA monitoring as well so you can have one ISP as backup providing ( active/standby failover and ISP failover as well)

Let me know how this sounds to you?

Regards,

Julio

Remember to rate all of the helpful answers

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
6 Replies 6

Go to solution
samirshaikh52
Level 2
Level 2

‎10-12-2012 09:01 AM

Just for more info, main and backup server rooms are located in same building.

Samir

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to samirshaikh52

‎10-12-2012 10:23 PM

Hello Samir,

Why dont you go with the active/standby setup for a failover cluster:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Regards,

Remember to rate all of the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
samirshaikh52
Level 2
Level 2
In response to Julio Carvajal

‎10-13-2012 02:27 PM

Hi,

Thanks for your reply.

It's clear for me now for the active/standby scenario. . I'll move ASA to the backup server and creat failover link through LAN.

My second query:

As I mentioned earlier, I have the ADSL service at backp disaster room, how I can keep publishing the internal resources through backup ASA

Please let me know if my question is not clear.

Thanks

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to samirshaikh52

‎10-13-2012 08:12 PM

Hello,

Great, the active/standby is a great option,,

not sure if I understand your query.. Can you be more specific?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
samirshaikh52
Level 2
Level 2
In response to Julio Carvajal

‎10-14-2012 11:12 AM

Hello,

I knew it.

I'll just tell you from the beginning hope it might help you to understand. I appreciate your help.

Presently at my main data center I'm having a  leased line router and then 2 ASA 5540 (with failover active/standby).

I was thinking to move 1 ASA to backup disaster server room. In this regard,  I asked earlier how I can still achieve the active/standby after migrating to backup room. But you had anwered my query

Query 2

I have got new ADSL service and router  with public static IP at backup server room. Now I moved one of my ASA.

How can I keep publishing the internal resources ( like access to internal webserver, rdp connection) by using this ADSL service if the main server room is completely down .

Hope it is clear.

Thanks

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to samirshaikh52

‎10-14-2012 02:51 PM

Hello Samir,

So you mean 2 different outside connections ( 2 different ISP) on each of the sites ( recovery room and data center).

Well for an active/standby deployment both of the ASA's need to share their interface broadcast domain so they need to be on the same subnet, that being said only one ISP can be active at the time.

I would recomend you to have connectivity to both of the ISP's on both the data center and the backup site, then you can enforce SLA monitoring as well so you can have one ISP as backup providing ( active/standby failover and ISP failover as well)

Let me know how this sounds to you?

Regards,

Julio

Remember to rate all of the helpful answers

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card