01-23-2012 12:40 AM - edited 03-04-2019 02:59 PM
hi all,
actually im using a cisco asa 5520 as a default gateway to acessin/ publishing in the wan.
i have a cisco 2811 configured to replace the cisco asa in a case of problem, but the switch is made manually.
my lan switch is a 2 3560e configured with hsrp, so it is possible to make redendancy( failover) between the cisco ASA 5520 and the cisco 2811 using a hsrp or other technic.
regards
Solved! Go to Solution.
01-23-2012 05:46 AM
Hi,
Well, looks like you have only one internet line hooked up to ASA. So, doesnt see a point to have redundancy in terms of device when you have only one line available (i.e you always needs to swap across your internet line on another device).
Thanks
Vivek
01-23-2012 06:37 AM
I do not believe that it is possible to configure any automatic failover between the ASA5520 and the 2811. And with a single Internet link it would limit any redundancy possibilities.
If you had two ASAs then you could look at configuring them as a failover pair and achieve redundancy that way. If you had two 2811s you could configure them with HSRP and achieve redundancy. But with 1 ASA5520 and one 2811 I believe that your only option for failover is the manual swap of connections.
HTH
Rick
01-23-2012 12:43 AM
Hi,
what do you want to know exactly? yes HSRP can track an interface and decrease priority of the active device so the standby device can take over. What else do you want to know?
Regards.
Alain
01-23-2012 05:19 AM
so it is possible to make hsrp between 2 cisco different devices ?
01-23-2012 03:08 AM
Hi,
If i understand your question correctly. You have the below requirement
1) You have a Cisco ASA5520 which is a default gateway. My question on this, do you mean all your PC's have the default gateway pointing to the internal interface IP ?
2) Incase of the failure of your ASA5520, you tend to manually replace this with Cisco 2811 router.
3) You also mentioned you have two 3560E series switches. If i consider that ASA is the default gateway for all your PCs then your 3560 is being used as a Layer 2 device.
Does your topology looks like this?
Thanks
Vivek
01-23-2012 05:18 AM
hi,
this is my actual topology
lan--->(DG 2x3560E HSRP)--ip segmment in-->cisco ASA5520-->internet
and this what im lookin for
lan--->(DG 2x3560E HSRP)--ip segmment in-->cisco ASA5520 (primary) wan ip 1.1.1.1-->internet
-->cisco 2811 (stby) wan ip 1.1.1.1-->internet
regards
01-23-2012 05:34 AM
I do not believe that the ASA supports participation in HSRP. I searched the config guide for ASA and the only mention of HSRP was in how to allow HSRP frames to pass through the ASA when configured in transparent mode. So I believe that you will not be able to achieve the automated failover between the ASA and the 2811.
HTH
Rick
01-23-2012 05:51 AM
thanks Mr BURTS,
so there is no way to make fail over between those devices ?
regards
01-23-2012 06:37 AM
I do not believe that it is possible to configure any automatic failover between the ASA5520 and the 2811. And with a single Internet link it would limit any redundancy possibilities.
If you had two ASAs then you could look at configuring them as a failover pair and achieve redundancy that way. If you had two 2811s you could configure them with HSRP and achieve redundancy. But with 1 ASA5520 and one 2811 I believe that your only option for failover is the manual swap of connections.
HTH
Rick
01-23-2012 07:28 AM
thanks Mr BURTS,
you answer is so clear.
in all cases i will buy another cisco 5520 for makin a ha cluster.
so i have a question, if actually have my asa workin to add another asa to mail active passive cluster, the new asa will replicate all the actual configuration or i have to set up or copy manually ?
01-23-2012 10:16 AM
If you get another ASA5520 it is fairly easy to set it up in a HA failover pair. You only need a little bit of interface configuration on the second ASA so that the ASAs can communicate with each other. Then you activate failover. When this happens the backup ASA learns the configuration from the active ASA and then both ASAs share the same config. The active ASA will automatically copy any changes made in the config to the backup ASA so the config automatically stays in sync.
HTH
Rick
01-23-2012 05:46 AM
Hi,
Well, looks like you have only one internet line hooked up to ASA. So, doesnt see a point to have redundancy in terms of device when you have only one line available (i.e you always needs to swap across your internet line on another device).
Thanks
Vivek
01-23-2012 05:50 AM
hi,
i can get another internet link, but if i have another link to the same internet line it will be possible to get it work ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide