02-26-2019 07:21 AM
Hi,
I am planning to set up FPR 2110 running ASA image in HA and running OSPF. We have site A and B connected via two point-to-point (P2P) links. Let me know if the attached design is good to go; if not, please suggest. I want the outside interface facing Site A and the inside interface facing Site B as per client requirement.
1. How many adjacencies will be formed on the Active ASA? Is it 2, one with 4510-01 and 4510-02 via both the P2P links?
2. When the primary P2P link goes down, can the active ASA route traffic via the secondary P2P link?
Thanks,
Sridhar
02-26-2019 12:03 PM
There are aspects of your diagram that I do not understand. In particular the point to point links appear to go directly from switch to switch and seem to bypass Firepower. There is something for vlan A and vlan B but it is not clear what you are doing with them and what their connectivity is.
HTH
Rick
02-28-2019 06:16 AM
Hi,
I could have briefed about the connectivity better in my question. Apologies.
1. At site A, ASA1 inside and the switchport where the WAN link is getting terminated will be in the same VLAN (L2). Same is the case with ASA2 connected to 6509-02. So any traffic from SiteB destined for SiteA will actually pass through the FW.
2. Regarding VLANs, as I mentioned, outside will face SiteA and Inside will be facing Site B. Outside interfaces of both ASA's will be in VLAN A and Inside interface will be in VLAN B. So the switchport on 4510-01, 6509-01 and ASA1 inside will be in VLANB. We will be using /29 or /28, one for 4510-01, 6509-01 and one standby IP as the ASAs will be in HA.
What does it require for the ASAs to establish adjacency with both 4510-01 and 4510-02 to address the below scenarios?
In case of ISP1 going down, can ASA1 establish adjacency via ISP2 automatically?
In case of ASA1 hard down, can ASA2 establish adjacency via ISP1 automatically?
02-28-2019 07:14 AM
I still do not understand. You tell us "Outside interfaces of both ASA's will be in VLAN A and Inside interface will be in VLAN B". And then you tell us "the switchport on 4510-01, 6509-01 and ASA1 inside will be in VLANB." How can 4510 and 6509 be in the same vlan?
HTH
Rick
02-28-2019 07:36 AM
Hi Rick,
On 4510-01, the interface will have an IP (L3). At the other end we have an L2 VLAN configured in the 6509 switches and ASA1 has an IP assigned, so 4501-01 and ASA1 will be connected via 6509-01.