12-29-2008 04:15 AM - edited 03-06-2019 03:10 AM
Hi,
I am planning to implement a collapsed core architecture with two core switches connected to two ASA firewalls. Can somebody guide me on the high availability options that I have? Can I have two links connecting to a single ASA firewall originating from both the core switches?
12-29-2008 04:28 AM
Naresh
"Can I have two links connecting to a single ASA firewall originating from both the core switches?"
This is not typically what you would do. 2 interfaces on the same ASA cannot be in the same IP subnet and so the interfaces would need to be in different subnets.
If you want to use active/standby as shown in your diagram then you would be better off removing the cross connects between the core switches and the ASA firewalls so core1 connects to ASA1 and core2 connects to ASA2 on the inside interfaces of the ASAs. You still need to have a separate pair of interfaces for stateful failover.
Then assuming ASA1 is active:
1) if core1 dies ASA2 becomes active
2) if the link from core1 to ASA1 goes down ASA2 becomes active
This assumes that the link between your 2 core switches is an L2 trunk. If it is an L3 routed link then the above would not apply.
Jon
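A minimal configuration sketch of the active/standby layout described in the reply above, added here as an illustration and not taken from any post in the thread. Interface names, the failover link name FOLINK and all addresses are constructed, and the failover key is a placeholder.

```text
! Constructed example: ASA1 (primary unit), inside interface cabled to core1 only.
! ASA2 is cabled to core2 the same way. The inside VLAN must be carried on the
! L2 trunk between core1 and core2 so that both units sit in one subnet.
! Inside interface: active address first, standby address second, same subnet.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
 no shutdown
!
! Dedicated interface pair between the two ASAs for failover and state traffic.
interface GigabitEthernet0/3
 description LAN/stateful failover link to ASA2
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover link FOLINK GigabitEthernet0/3
failover interface ip FOLINK 192.168.255.1 255.255.255.252 standby 192.168.255.2
! Failover messages are sent in clear text unless a key is configured.
failover key <shared-secret>
! Loss of the inside link (or of core1) marks this interface failed and
! triggers the switchover to ASA2.
monitor-interface inside
failover
!
! On ASA2 only the bootstrap differs; the rest replicates from the active unit:
!   failover lan unit secondary
!   failover lan interface FOLINK GigabitEthernet0/3
!   failover interface ip FOLINK 192.168.255.1 255.255.255.252 standby 192.168.255.2
!   failover key <shared-secret>
!   failover
```

After both units are up, `show failover` on either ASA reports which unit is active and the monitored state of the inside interface.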
12-29-2008 05:19 AM
VSS is probably an option if core devices are 65xx.