Need Design Suggestion

ahmad82pkn · ‎03-29-2012

Team,

i am stuck on some design issues, attached is diagram, in Red enclosed area,

i am acting as a Partner in this case, so bottom area is mine.

There are two main requirements.

1-Partners will run an Interior Gateway Protocol (IGP) of their choice which will control failover. ( Which i am acheiving by running OSPF and can move traffic to secondary office on right side in case primary office DS3 goes down )

But i am unable to understand second requirement.

2-The partner will use Cisco proprietary mechanisms like firewall failover and Hot Standby Routing Protocol (HSRP) in their design such that critical components have redundancy.

what does that really mean? and how i can achieve this?

smitesh kharecha · ‎04-03-2012

Hi Ahmad,

Using IGP, you are controlling failover on WAN side; however to controll the failover on LAN end, you need to use HSRP or something similar if implementing on Firewall.

This will protect your LAN end on the single point of failure.

Please rate if helpful

Regards,

Smitesh

sean_evershed · ‎04-03-2012

Hi,

For the firewall component of the design you can configure either an Active / Standby or an Active / Active configuration. See below a link for details:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html

You also need to consider what routing protocol is being used in the Pink area. If they are using a different routing protocol to you then you will have to redistribute these routes into your domain.