11-13-2012 01:39 PM - edited 03-07-2019 10:01 AM
Hi, I am working on a high availability design for my campus network. I need a little help.
Currently my 6509 is connected to 2x ASA (Active/Standby) that connect to a single outside switch (point of failure) and then an internet router (point of failure).
We got another internet router with another ISP, did BGP multihoming, connected it to a second outside switch, and configured HSRP on it.
Now my question is: can I connect the primary ASA outside interface to the first outside switch and connect the secondary ASA outside interface to the second outside switch? (Is it that simple?) All I want is that, in case the primary outside switch goes down, traffic moves to the second outside switch and then out to the internet via the second router.
Attached is a diagram for more explanation.
11-13-2012 07:10 PM
Hi,
It should work fine. You need to run HSRP or VRRP with a /28 or /29 between the 2 outside switches and the firewalls. You also need a connection between the firewalls to be used as the active/standby heartbeat.
HTH
11-14-2012 10:47 AM
Hello Reza,
Yes, both firewalls are already configured and connected via a LAN-based failover cable.
The outside switches are Layer 2, but I am planning to run HSRP on the routers.
So, with the above clarification, my original question, and my proposed diagram, I should be fine, right?
I am being more cautious since the change is in the main data center, so I want to avoid any downtime, though it has been lucky to run this long without a hardware failure.