Need Help in Desinging the Setup

Ganesan Palaniappan · ‎04-04-2012

Hi All,

We got a Proposal to design a Setup and we need some guidelines in setting up the same. Below are the Points we need to fulfill.

1) All the Core Devices (L3 Switch,Firewall and Router) should have redundancy.

2) A Site to Site Tunnel has been build on the ILL Link and again both should act act as a Backup if any of the Link as well as Tunnel down cases. (Assume that the destination is same for the two tunnels)

Kindly help me in providing some guidelines like:

Is any dyanmic routing i need to use between the core devices or static routing with higher AD.

Is it possible to track the Tunnel interface ( IP SLA for IPSEC) , If yes, need configuration example.

Where can i use HSRP in between the setup to provide the redundancy ?

Is there any other changes i need to do to achieve the below setup ?

Attached a Sample diagram where we are planning to do the setup. please refer and let me know your ideas.

Thanks and Regards,

GanAlagu07

sean_evershed · ‎04-04-2012

Hi,

For the firewall components of your design I suggest that you consult the following guide on firewall high availability (HA).

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html

See Figure 60-3 as a guide. You don't have a failover link shown between your firewalls for example in the diagram supplied.

Your diagram shows Layer 3 switches with uplinks to the firewalls. Don't forget that in order to configure a pair of HA firewalls the inside interfaces of both devices need to be on the same subnet.

Don't forget to rate posts that are helpful.