Two routers on same physical lan with identical VLANs on each

petercrowe · ‎03-18-2013

I have 2 ASA5510's acting as routers/firewalls, setup on a LAN, each one pointing to a different gateway (different ISPs), and the exact same VLANs set up as sub-interfaces on each of these. Both act as DHCP relays to a Windows Server 2008 DHCP server.

Are there going to be any issues with this setup? Is this the correct way to do it?

All the Trunking has been setup and works. When I Untag a switch port, and point it to whichever gateway, is there going to be any kind of issues?

Many thanks for any help offered.

Reza Sharifi · ‎03-18-2013

When I Untag a switch port, and point it to whichever gateway, is there going to be any kind of issues?

If you untag the switch port, you can only carry one vlan on that interface. If you have multiple vlans, you need to trunk the interface. Do you only have one vlan on each switch?

How many switches are connected to the firewalls?

HTH

petercrowe · ‎03-18-2013

Reza,

Sorry, I wasn't clear. We have multiple switches (5), all with RSTP running. Multiple VLAN's are on each switch, all tagged members of the port that is trunked to each of the Firewalls. Both firewalls are connected into 2 of the 5 switches.

The question I have is in whether there is going to be any strange duplicate kinds of issues with having two firewalls, each acting as a separate gateway, and each pointing different clients to the same DHCP server via the same named VLANs. I'm can't imagine the DHCP server giving out duplicate IPs, but I want to be entirely sure that this setup will not cause any problems. So far, it seems to be working in production, but there are some issues with some laptops getting a VLAN ip, and others not.

Thanks for your help.