Solved: how can i redundant my uplinks?

dsolangon · ‎11-20-2012

The scenario is i have one layer3 3com connected to two High availability ASA. What is the best practice configuration for the uplinks of the 3com switches going to my ASA?

Sent from Cisco Technical Support iPad App

shillings · ‎11-21-2012

Yep - that's what I meant.

I would imagine the asa inside interface config looking something like this, with 10.1.1.2/29 configured on the 3com switch virtual interface:

interface FastEthernet0/1

no nameif

no security-level

no ip address

no shut

!

interface FastEthernet0/1.3

description Uplink to 3com LAN switch

vlan 3

nameif INSIDE

security-level 100

ip address 10.1.1.1 255.255.255.248 standby 10.1.1.3

!

I seem to recall there is an functional impact depending upon where you place the nameif command. If put under the main interface, instead of subinterface, then I think the ASA will also send untagged traffic as well as tagged. Might be one to check out yourself.

View solution in original post

Abzal · ‎11-20-2012

Hi Daryl,

What is model of your ASAs? And 3com? Is second ISP used as backup?

Abzal

Best regards,
Abzal

shillings · ‎11-20-2012

I would configure the 3com uplinks as dot1q trunks to each asa. Then select a VLAN ID and create it a layer-3 virtual interface on the 3com and assign /29 address.

Presuming the ASA is not a 5505, then I'd configure the inside as a subinterface and match the VLAN ID to the 3com. Then add another /29 address here.

(optional) Configure a standby ip on the same subinterface using a 3rd /29 address. This is so the standby asa can monitor the active unit via its inside interface.

That would be how I'd do it, but interested in any other suggestions.

dsolangon · ‎11-20-2012

@shillings

So you mean i iwill configure my asa with sub int using the same vlan of 3com up link switch and make it layer 3? Please see the attached img

Sent from Cisco Technical Support iPad App

shillings · ‎11-21-2012