ASA HA and OSPF

Hi,

 

I am planning to set up FPR 2110 running ASA image in HA and running OSPF. We have site A and B connected via two point-to-point links (P2P). Let me know if the attached design is good to go; if not, please suggest. I want the outside interface facing site A and the inside interface facing Site B as per client requirement.

 

1. How many adjacencies will be formed on the Active ASA? Is it 2, one with 4510-01 and 4510-02 via both the P2P links?

2. When the primary P2P link goes down, can the active ASA route traffic via the secondary P2P link?

 

Thanks,

Sridhar


Richard Burts
Hall of Fame

There are aspects of your diagram that I do not understand. In particular the point to point links appear to go directly from switch to switch and seem to bypass Firepower. There is something for vlan A and vlan B but it is not clear what you are doing with them and what their connectivity is.

 

HTH

 

Rick


Hi,

 

I could have briefed about the connectivity better in my question. Apologies.

 

1. At site A, ASA1 inside and the switchport where the WAN link is getting terminated will be in the same VLAN (L2). The same is the case with ASA2 connected to 6509-02. So any traffic from Site B destined for Site A will actually pass through the FW.

 

2. Regarding VLANs, as I mentioned, outside will face Site A and inside will be facing Site B. Outside interfaces of both ASA's will be in VLAN A and Inside interface will be in VLAN B. So the switchport on 4510-01, 6509-01 and ASA1 inside will be in VLANB. We will be using /29 or /28, one for 4510-01, 6509-01 and one standby IP as the ASAs will be in HA.

 

What does it require for the ASAs to establish adjacency with both 4510-01 and 4510-02 to address the below scenarios?

 

In case of ISP1 going down, can ASA1 establish adjacency via ISP2 automatically?

In case of ASA1 hard down, can ASA2 establish adjacency via ISP1 automatically?

I still do not understand. You tell us "Outside interfaces of both ASA's will be in VLAN A and Inside interface will be in VLAN B". And then you tell us "the switchport on 4510-01, 6509-01 and ASA1 inside will be in VLANB."  How can 4510 and 6509 be in the same vlan?

 

HTH

 

Rick


Hi Rick,

 

On 4510-01, the interface will have an IP (L3); at the other end we have an L2 VLAN configured in the 6509 switches and ASA1 has an IP assigned... so 4501-01 and ASA1 will be connected via 6509-01.
