[HELP] ASA Redundant Interface Connecting to HSRP non-stack Catalysts

fatalXerror · ‎09-13-2015

Hi Experts,

Good Day!

I have 1 ASA and 2 non-stack switch.

ASA's Gig0/0 is connected to SW01 and Gig0/1 is connected to SW02 and those Gig interfaces of ASA are configured inside a virtual interface called redundant interface which means that the 2 physical interfaces of the ASA becomes active and standby. The 2 switches are configured with HSRP.

Below is my question about the design I mentioned above,

What if the traffic goes to the HSRP standby switch, does the standby switch passes it to the active switch? If not, how can I set my active switch standby group to failover to the other switch so that when the Gig0/1 of ASA goes up (when the G0/0 goes down) takes place?

Thank you

Alexsandro Reimann · ‎09-13-2015

Hi Nikko,

Per your description, when the Active interface from ASA goes down, like G0/0, G0/1 will assume the MAC address from G0/0 and start to pass traffic. This is regarding the Layer 1 redundancy. The traffic destination will be based at ASA routing table. If the routes point to HSRP VIP IP Address, then ASA will passes the traffic through G0/1 with destination VIP HSRP, arriving to Active HSRP Switch. I assuming that SW1 and SW2 are connected themselves into another group of ports.

If you want to change the Active role for HSRP group, you can track the switch interface connected to ASA. This will change the priority level when the interface goes down, forcing the change of HSRP status. You may have to preempt the HSRP group to recover the role when interface back to UP status.

HTH,

Please rate helpful answers.

Alexsandro Reimann.