Dear,

It is a typinig mistake it is not 2960 router it is a 2920 router,,  I dont have a switch in between 2920 router and ASA firewalls  this is the issue.

Thanks

Hello,

Can anybody help for the above query please.

Thanks

What is the hardware configuration of your router? I'm guessing its really  a 2921.

take a look at this product sheet. It would facilitate what you want to do.

Here is another link, check the second diagram.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Hello ,

I think My question is not clear i elaborate more to be clear understanding.

please find the attached screenshot,

As you can see in the attached screen shot the switch between the firewall and the internet router where all 3 devices are connecting is missing in my Network.

For temporary Solution if i m  connecting ASA-1 to Internet router traffic will flow as a stream BUT incase ASA-1 fails then i have to manually shift cables from ASA-1 to ASA-2.

To avoid shifting of cables Is there any solution that i can do on Internet router interfaces to avoid  manual interaction of changing cables

Thanks

there is a second diagram in the attachement for failover that shows:

2 fw to fw direct links, and a link from each fw to the router. it does require 2 interfaces on the router and 3 interfaces on the firewalls.

without that, you essentially need either a switch module in the router (link #1) or, an external switch.

Hello,

Still it is not clear i think so,

There is nothing to do with the ASA, Everything has to be done on the Internet router. Suppose if i get a Public pool of IP address 202.202.202.202/29, From this subnet I will use 1 IP on ASA outside interface and 1 IP on the Internet Router interface (gig0/1) connecting to ASA-1 but what IP i should use on gig0/2 of Internet Router,(GiG 0/1 Subnet IP is not accepted on router on GIG0/2),  So when the failover happens to ASA-2 and it is connected to gig0/2 interface of Internet router which is having no ip address, so in this case what configuration i shld do to on 2920 Internet Router.so that if GIG0/1 goes down GIG0/2 should take over the IP of GIG0/1.

Thanks

you need either a bigger public pool for HSRP on the router. you still need to cross connect the appliances so they can share state information.

Hello,

Is it so we can do Bridging on 2 interfaces of router???? Is it possible,

Can u elaborate more the previous mail please.

Thanks

If you could hsrp 2 ethernet ports on the router that consumes 3 host addressess out of your public ip address space,

then you need somthing for NAT, and FIrewall interfaces.

Hello,

HSRP is done between 2 routers, I have only 1 Internet router (2920) ??? How HSRP solution will work i think it is not possible,

Is it Bridging can work, I have not read abt Bridging but i want general idea on this thread.

Thanks