11-16-2012 10:35 AM - edited 03-04-2019 06:10 PM
Hi Team,
I have a scenario like this.
Two firewalls are connected in Active-standby mode and are tracking the inside and outside interfaces. There is connectivity from the router to the primary firewall portX, and the router is used for reaching the backoffice locations. My problem is that whenever a firewall failover happens, I lose connectivity to the backoffice networks from the inside network of the firewall. So is there any way to configure the Cisco router with a redundant interface, so that if the interface (connected to the primary firewall) goes down, traffic automatically passes through some other port that is connected to the standby firewall portX?
Thanks in advance.
Accepted Solutions
11-16-2012 11:04 PM
Hi Krishna,
Cisco routers support the "backup interface" feature.
The backup interface remains down when the primary is up. When the primary goes down, the backup interface comes up.
You need to configure the backup interface command under the primary interface.
Thank you
Raju
11-16-2012 11:03 AM
You can use IP SLA to change your routing such as default route, PBR, etc. You can find tons of Cisco documentation and examples if you search for them. Otherwise you can read the post below directly from this community:
https://supportforums.cisco.com/docs/DOC-6078
Thank you for rating!
11-16-2012 06:21 PM
Hi Neno,
There is one problem with using IP SLA here. I don't have two next-hop IPs, only one (the firewalls are in HA, so the same config is on the active and standby FW). Can you suggest how I can proceed with this?
Thanks in advance.
11-16-2012 07:31 PM
What about using the hop after the next as the IP SLA destination interface, like a switch they are plugged into? For the reachability you can have it track Google if you want...
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/813-cisco-router-ipsla-basic.html
Thanks,
Taemyks
11-17-2012 04:15 AM
Hi Raju,
Yes, there is an option in the router interface configuration for backup interface. I will configure this option and check whether it works or not.
11-23-2012 10:04 PM
Hi Raju,
I configured the backup interface as below, but it is not working. Can you check and let me know whether it is correct or not?
int fa0/0
ip add 192.168.1.1 255.255.255.0
backup interface fa0/1
int fa0/1
ip add 192.168.1.1 255.255.255.0
11-23-2012 10:05 PM
With that configuration, whenever the primary goes down, the backup interface does not take over as primary, and it is showing as disabled.
11-23-2012 10:29 PM
See my post above - I think that will do it for you....
11-23-2012 10:42 PM
Hi Wilson,
In my scenario it will not work. The router interfaces are connecting to both the active firewall and the standby firewall. The standby firewall remains idle until there is a problem in the active firewall. The standby firewall has a replica of the active firewall's config, so we cannot mention two static routes. If you have any suggestions, please let me know.
Thanks.
01-18-2018 05:05 AM
Hi Krishna,
Did you solve this issue? I have the same problem. If you solved it, could you share the config with me, please? Thanks
