11-20-2008 01:04 AM - edited 03-06-2019 02:35 AM
Hi! I try to implement HA-configuration with two ASA and two 2821 routers.
! [ASA-1] [2821] !
![Local] < >< >[ISP]!
! [ASA-2] [2821] !
Is it correct configuration?
1) Configure EIGRP on every 2821 to distribute default gw from ISP to ASA
2) Configure EIGRP on every ASA
3) In Active/Standby mode standby ASA don't participate in routing process and don't forward traffic.
Do you know cisco's documents about HA-design with ASA 8.0 and EIGRP?
Solved! Go to Solution.
11-21-2008 05:30 AM
paa@logis,
I would just forget both the EIGRP, and HSRP unless there is some real underlying reason you need thes for this particular type of setup. You don't need either HSRP or EIGRP for Active/standby config. The attached config snippet is all there is to this setup, of course you would simpy add your default static route such as "route outside 0.0.0.0 0.0.0.0
Thanks,
Brandon
11-20-2008 07:46 AM
Are you just trying to implement active/standy with you 2 ASA's and your internet router is attached to the "outside" interface's of the ASA's? If this is so then the configuration is relatively easy. I am not sure I understand where EIGRP comes into the picture?
11-20-2008 09:51 PM
Yes, I try to implement active/standby config. Internet routers are connected to ASA's outside interface. I try to provide redundancy connection of ASA to ISP trought my two routers, I don't want to use HSRP between them, so I think that EIGRP is much better than HSRP.
11-21-2008 05:30 AM
paa@logis,
I would just forget both the EIGRP, and HSRP unless there is some real underlying reason you need thes for this particular type of setup. You don't need either HSRP or EIGRP for Active/standby config. The attached config snippet is all there is to this setup, of course you would simpy add your default static route such as "route outside 0.0.0.0 0.0.0.0
Thanks,
Brandon
11-21-2008 05:34 AM
Oh,
One more thing. You will just connect a crossover cable between the 2 ASA's and your set! You can test the failover by performing a "failover active" from the secondary ASA, or a "no failover active" from the primary ASA.
Thanks,
Brandon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide