ASA Failover and Layer 3 (3560-X)

  • ASA Failover and Layer 3 (3560-X)

    Here is my setup: https://dl.dropboxusercontent.com/u/...20failover.JPG As you can see, we have dual ASA 5512-X used for Internet access, VPN and so on, and an L3 3560-X behind them that's connected to L2 access switches.

    ASA config is OK so far. Failover is working between the ASAs (when the primary fails, the secondary takes the config of the primary, and also the IPs of the inside/outside addresses), but I don't know how to configure GE 0/2 on the 3560-X that's behind the ASA.

    I wanted to put it also with the no switchport command, and ip address 10.101.0.4 255.255.255.0, but that overlaps GE 0/1 and the L3 won't let me do that. Is there a workaround for this one, so that the L3 automatically switches over to GE 0/2 if the primary ASA fails (in other words, if the connection with P-ASA to GE 0/1 L3 fails)?

    Thanks in advance!

  • #2
    Re: ASA Failover and Layer 3 (3560-X)

    Should be able to do HSRP on the L3 switch and track objects (IP SLA). Should be able to google for an example.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: ASA Failover and Layer 3 (3560-X)

      I googled a bit, but it seems like HSRP needs two devices to participate in a group. Here I have only one L3 switch, with two GE ports that are connected to two ASAs, and I want to monitor them.

      Sorry to bother you, but if you can clarify this a little bit more to me, it would be great.

      Thanks in advance!



      • #4
        Re: ASA Failover and Layer 3 (3560-X)

        Search for ASA High Availability on google and/or check out the configuration guide for your ASA model.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)



        • #5
          I know this is an old post but this still might help someone looking for an answer... what you want is a VLAN or BVI interface on the switch in the same VLAN as the ports to the ASA. Otherwise it's like connecting the two ASAs to two different routers.
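
A sketch of the layout post #5 describes, added here as an example and not posted by anyone in the thread: both ASA-facing ports become access ports in one VLAN and the switch's address moves to the VLAN interface. VLAN 101, its name and the `<ASA-inside-active-IP>` placeholder are assumptions; 10.101.0.4/24 and the port numbers come from the first post.

```cisco
! Added example: VLAN 101 and its name are assumed values
ip routing
!
vlan 101
 name ASA-INSIDE
!
! Both ASA-facing ports are Layer 2 access ports in the same VLAN
! ("switchport" undoes an earlier "no switchport" on the port)
interface GigabitEthernet0/1
 description to primary ASA inside
 switchport
 switchport mode access
 switchport access vlan 101
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description to secondary ASA inside
 switchport
 switchport mode access
 switchport access vlan 101
 spanning-tree portfast
!
! The address from the first post moves from the routed port to the SVI
interface Vlan101
 ip address 10.101.0.4 255.255.255.0
 no shutdown
!
! Placeholder: the ASA inside address is not given in the thread
ip route 0.0.0.0 0.0.0.0 <ASA-inside-active-IP>
```

Since the secondary takes over the primary's inside IP on failover, as the first post describes, the single default route keeps pointing at whichever unit is active and needs no tracking on the switch.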
