Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
1
Replies

Active/Passive ASA with Redundant ISP Connections

Brent Catoe
Level 1
Level 1

‎04-26-2012 05:26 AM - edited ‎03-04-2019 04:09 PM

Currently we are using a single connection to our ISP and in the coming months will be moving to a two seperate connections (to same ISP). In our current setup we utilize active/passive ASA's (5520, single context) and would like to utilize that going forward as well, the reason being is our DMZ's all hang off of these ASA's and we have fiber connectivity between our datacenters.Our main datacenter and DR Datacenter are basically one big LAN with fiber between them, so we have our DMZ networks at both locations currently with both terminating in our ASA's. That way if the ASA at our current site fails the DMZ's are still accessible via the secondary firewall at our DR facility.

Is the attached diagram a feasible way to accomplish this? Or is there an easier way?

Labels:
Preview file
432 KB
0 Helpful
1 Reply 1

Bharat Negi
Level 1
Level 1

‎05-02-2012 05:21 AM

Hi

The diagram seems to be fine provided Standby ASA is reachable from DR site via fiber link in case active ASA fails.  At WAN side the internet link must be from same ISP otherwise you may face problem in NAT (as different ISPs will provide different set of Public IPs).  You can also avoid this problem by have your own public IP space from APNIC/RIPE/ARIN/etc.

Regards

Bharat

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card