cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
0
Helpful
1
Replies

EIGRP and always up Interface on ASA 5510

switchtower
Level 1
Level 1

It appears this has been brought up before, but it was never resolved.

Currently I have an ASA 5510 connected to our distribution layer using an IP address in a subnet protected with HSRP. If one of the two dist layer devices go down, the firewall is protected and the IP address doesn't change.

Because of stability and bandwidth requirements, the firewall is being upgraded to a 5520 and connected directly to our cores using EIGRP to route and load balance traffic. I cannot create a loopback address and will need to bind the VPN connections to one of the two point to points with the cores.

If that core router were to go down for some reason, albeit be maintenance or software/hardware issue, the VPN will also go down.

Is there anyway to create a loopback address or use the redundant interface command to create such a link?

Thanks in advance.

1 Reply 1

switchtower
Level 1
Level 1

I guess from my own research there are only two ways to do this:

1. Use redundant 5520's in an active/standby configuration since VPN's can't be utilized in active/active config

2. Use HSRP on the core of our network. Use layer 2 connections on the single firewall with a redundant interface connecting to both cores with an SVI as its default gateway.

Can someone verify these are my only two options? If there is something more I can do, and would like to share, it would be greatly appreciated.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: