Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
867
Views
15
Helpful
5
Replies

Link aggregation or virtual IP

UCrypto
Level 1
Level 1

‎10-25-2018 06:41 AM - edited ‎03-05-2019 11:00 AM

Dear all ,

I would like to know stupid question.I have the problem to integrate existing network and HA firewall.

please see below diagram and let me know can i conbine two routed interfac to one virtual IP ? it is not mean vrrp. i mean i want to run ether-channel or trunk or link aggregation to see single redundancy link.

Can i solve by using lacp ?

 

Preview file
27 KB
0 Helpful
5 Replies 5

nazimkha
Level 4
Level 4

‎10-25-2018 09:04 AM

Need more information about the switches connecting firewall. For eg : If you are planning to connect a pair of Nexus you can use vPC to the firewall or if you have catalyst you can use VSS or stackwise virtual

UCrypto
Level 1
Level 1
In response to nazimkha

‎10-25-2018 05:15 PM

Thank for help .I would like to know can i solve without using switches?.
May I know can I configure two router ports as a single virtual port.Eg L3
ether channel or route aggregation?
0 Helpful

paul driver
VIP
VIP

‎10-25-2018 06:38 PM

Hello

What kind of fw HA pair are you wanting to use Make/Model?  - When a FW HA is created (say on a cisco ASA in a active/standby mode) the primary and secondary addressing is created on the one fw along with the specified LAN/Stateful failover links usually on the soon to be designated primary fw then when the physical connections are made the standby fw  will synchronize with he primary and a the HA is created, thus the same primary inside/outside address will be available on either physical fw so you really wouldn't need hrsp.

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

UCrypto
Level 1
Level 1
In response to paul driver

‎11-04-2018 05:43 PM

Hi,
I have confuse in desing.If WAN link of R1 is down,branches can detect wan is down and so they swing their traffic to R2.But our VRRP didn't know R1 WAN is down or not.So R1 is still primary and return traffic is fail,correct ? And our FW cannot detect the WAN and FW still forward the all traffice to R1 and traffice is fail,correct ? how to solve this issue ?
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to UCrypto

‎11-04-2018 06:11 PM

Hi,

I think this is a duplicate question. I just replied to your post with a suggestion as VRRP with IP SLA. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card