Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1956
Views
0
Helpful
6
Replies

Redundant connection between switch stack and single ASA

Go to solution
jpeterson6
Level 2
Level 2

‎07-15-2011 09:19 AM - edited ‎03-07-2019 01:14 AM

I've got a single ASA 5510 running v8.2 and my client wants it to directly connect into two 3750 switches (both members of one stack) for redundancy.

It is my understanding that Etherchannel was introduced to ASA in 8.4, but upgrading is not an option at this time due to the amount of changes required.

What is the best way to go about this? I'm thinking something to do with IP SLA on the 3750 side, but what about the ASA side? Would HSRP be the better option?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎07-15-2011 09:34 AM

Hi,

   Easy way to do this without upgrading OS 8.4 on ASA(which needs checking hardware first). Just try redundant interface on ASA to acting as active/standby and yes,it can connect across C3750 stack. Just read how redundant interface works: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838

HTH,

Toshi

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎07-15-2011 09:34 AM

Hi,

   Easy way to do this without upgrading OS 8.4 on ASA(which needs checking hardware first). Just try redundant interface on ASA to acting as active/standby and yes,it can connect across C3750 stack. Just read how redundant interface works: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838

HTH,

Toshi

0 Helpful

Go to solution
jpeterson6
Level 2
Level 2
In response to Thotsaphon Lueangwattanaphong

‎07-15-2011 06:44 PM

Thanks once again (You helped me in another thread).

One thing about that link that concerns me though under Physical Interface Guidelines

You cannot add a physical interface to the  redundant interface if you configured a name for it. You must first  remove the name using the no nameif command.

Caution: If you are using a physical interface already in  your configuration, removing the name will clear any configuration that  refers to the interface.

Is this true? This ASA has previous configuration on it. What configurations will be cleared? I assume all NAT and ACLs on the inside interface.. anything else I should worry about?

0 Helpful

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎07-15-2011 07:05 PM

Hi,

I hate to say this but yes seems you need a bit downtime for modification. But this feature is good if you cannot go for etherchannel on 8.4.

Toshi

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
jpeterson6
Level 2
Level 2
In response to Thotsaphon Lueangwattanaphong

‎07-15-2011 08:53 PM

Gotcha.

What needs to be configured on the switch end? Just two switchport access interfaces on the same VLAN and that's it?

0 Helpful

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎07-16-2011 04:11 AM

Hi,

You are right. Thats what you have to do on c3750.

Toshi

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
jpeterson6
Level 2
Level 2
In response to Thotsaphon Lueangwattanaphong

‎07-16-2011 02:31 PM

Worked great. Thanks again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card