?
Solved

multihome ASA

Posted on 2011-09-26
6
Medium Priority
?
344 Views
Last Modified: 2012-08-14
What would be the best way to set up a ASA multihomed to two 6509's for failover? The links coming from the asa will pass through the 6509s via L2 only, no SVI's on the 6509s. or below it either. So basically the outside interface ties into the edge while the inside interfaces and dmz's would tie directly into the pair of 6509's.
0
Comment
Question by:chipsch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36601405
You may be able to do redundant interfaces on the ASA, but I think the better choice is to configure the 6509s as a virtual switch and the ASA links as an Etherchannel (introduced in 8.4(1)).  You would have to make sure your 6500s can support VSS (see http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html).  The information on Etherchannel on the ASA is at http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030
0
 

Author Comment

by:chipsch
ID: 36601429
Great suggestion but we can not run VSS due to supervisor limitations. My sales pitch didn't quite work as soon as the dollar amount was seen, hehe. Any other ideas? I have not been able to find anything out there. If they supported 802.1w it would be to easy but they do not.
0
 
LVL 7

Accepted Solution

by:
Ironmannen earned 2000 total points
ID: 36715121
Then redundant interfaces are your solution: Cisco ASA Command Ref: Redundant Interface
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Closing Comment

by:chipsch
ID: 36716498
I actually just found that yesterday but thanks for tracking that down anyways. Only unfortunate part is that it is only supported on the 5510 and above. We also have some 5505's that will have to be worked out.
0
 
LVL 7

Expert Comment

by:Ironmannen
ID: 36719882
Thank you for the points, but I would be glad if you changed it to a split since jmeggers mentioned redundant interfaces as a solution...
and of course you are right with the problem of using 5505 in a corporate environment since they are mainly for SOHOs with their limited features
Cheers!
0
 

Author Comment

by:chipsch
ID: 36814322
Just saw that and thanks for pointing that out about Jmeggers. Is there any way a mod can adjust that or reopen this question so I can adjust it?
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question