Solved: two 5505 reduntant with active standby setup

alan-wong · ‎10-22-2012

Dear Cisco

I have two 5505 ASA. I would like to know can I make two 5505 failover reduntant with active standby setup?

Regards

Alan.

Tim Hamblin · ‎10-23-2012

Alan,

They CANNOT. Please refer to the link I posted above

Tim

View solution in original post

Julio Carvajal · ‎10-22-2012

Hello Alan,

http://secret-epedemiology-statistic.org.ua/1587052091/ch11lev1sec3.html

Hope I could help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

alan-wong · ‎10-23-2012

Thx, but I would like to know that is Cisco 5505 model support active standby failover reduntant configuration?

Thank you.

Tim Hamblin · ‎10-23-2012

Alan,

Unfortunately the 5505 does not support failover, you will need the 5510 Security Plus at least for this feature:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

mkdccie · ‎10-23-2012

Hi Alan,

If you have this 5505, and no budget to buy another 2 ASAs, you can do the failover, but on switch/router level that before the firewall, and use track option.

Note:

1-if you have one public ip, then it will be more difficult, as you will need to make it in another router then to the firewall.

2- if you add any configuration to the primary firewall, you have to do the same on the secondary firewall manually.

Regards,

MKD

alan-wong · ‎10-23-2012

Dear MKD

I have 2 5505 ASA, do you think is support 2 x 5505 reduntant failover with active standby setup? I have experienced to setup two 5510 failover reduntant, but I do not know Cisco 5505 support failover reduntant setup or not?

Best regards

Alan.

mkdccie · ‎10-23-2012

Hi Alan,

Normal way no.

What i gave you in work around way.

Plz rate if this help.

Regards,

MKD

alan-wong · ‎10-23-2012

thank you very much MKD

I have already using 5505 with dual ISP backup. I just want to make sure I can or cannot use 2 5505 to build failover reduntant. Now, I know and confirmed I CANNOT use 2 5505 to build active standby redundant failover. Thank you very much.

mkdccie · ‎10-23-2012

As i said, you can not do failover on 5505 as ASA configuration.

BUT, you can simulate the failover by doing the setting/config on the switch level, since you have 2 ISP, it will be possible to do that.

Make the default route to the secondary firewall with tracking, then make another default route with distance 10 to the secondary firewall.

this will solve your porblem.

Plz rate this if its help.

Regards,

MKD

alan-wong · ‎10-23-2012

hello MKD

one again. So 5505 can or CANNOT do failover with active standby configuration?

Alan

Tim Hamblin · ‎10-23-2012

Alan,

They CANNOT. Please refer to the link I posted above

Tim

Julio Carvajal · ‎10-23-2012

Hello Alan,

Actually it can do failover but not stateful failover. That is the only difference. And of course you need to have a license for that

http://linuxsysadminblog.com/2009/02/cisco-asa-5505-activestandby-failover-configuration/

http://serg0.blogspot.com/2012/01/cisco-asa-5505-failover.html

Remember to rate all of the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC