
Redundant internet with firewall ASA 5515-X


Hi anyone,

I have the diagram:

LAN -- Core Switch 3750X -- Firewall ASA 5515X  --- MPLS --- Firewall ASA 5515X --- LAN

I configure a site-to-site VPN through the MPLS line.

Now, I have one question:

How can I configure the firewall to comply with the above diagram, meaning that if the active link dies, the firewall forwards the packet to the standby link?

Please answer me.

Thanks,

Vo

Comments
Cisco Employee

Hello Vo,

When failover happens, the IP and MAC addresses will be swapped between the Primary and Secondary units. So the tunnel between P-P ASA should move to P-S ASA.

Thank you.

Beginner

Thanks for your answer.

I will configure the firewall in Active - Passive mode for the site-to-site VPN between the 2 sites.

However, in Active - Passive mode, if the active link dies, will all packets run on the standby link, or will all packets be dropped?

Vo Vo

Cisco Employee

Hello Vo,

Packets will be dropped, since we need to establish a new IPsec tunnel.

Thank you.

Beginner

OK, another question: if the active link dies, will the firewall route the packet to the standby link automatically, or must we configure it manually?

Thanks for your support.

Cisco Employee

Hello,

The firewall will route the packets to the standby automatically because it will be the owner of the address which is specified in the peer; no manual intervention is required.

Please rate helpful posts

Beginner

Thank you very much.