Solved

multihome ASA

Posted on 2011-09-26
Last Modified: 2012-08-14
What would be the best way to set up an ASA multihomed to two 6509s for failover? The links coming from the ASA will pass through the 6509s via L2 only, no SVIs on the 6509s or below it either. So basically the outside interface ties into the edge while the inside interfaces and DMZs would tie directly into the pair of 6509s.
Question by:chipsch
6 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36601405
You may be able to do redundant interfaces on the ASA, but I think the better choice is to configure the 6509s as a virtual switch and the ASA links as an EtherChannel (introduced in 8.4(1)). You would have to make sure your 6500s can support VSS (see http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html). The information on EtherChannel on the ASA is at http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030

Author Comment

by:chipsch
ID: 36601429
Great suggestion, but we cannot run VSS due to supervisor limitations. My sales pitch didn't quite work as soon as the dollar amount was seen, hehe. Any other ideas? I have not been able to find anything out there. If they supported 802.1w it would be too easy, but they do not.
LVL 7

Accepted Solution

by:
Ironmannen earned 2000 total points
ID: 36715121
Then redundant interfaces are your solution: Cisco ASA Command Ref: Redundant Interface
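
Added example, not part of the original thread: a redundant-interface layout for the topology in the question, with one ASA member link to each 6509 and the switches acting as plain L2. Interface names, the `inside` name, VLAN 100 and the 192.0.2.1 address are assumptions chosen for illustration.

```cisco
! --- ASA: member interfaces carry no nameif, security level or IP ---
interface GigabitEthernet0/0
 description link to first 6509 (assumed port)
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/1
 description link to second 6509 (assumed port)
 no nameif
 no security-level
 no ip address
 no shutdown
!
! The first member added starts as the active link; the second is standby
! and takes over only when the active member loses link.
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
! --- Each 6509: L2 access port in the same VLAN, no SVI for it ---
! VLAN 100 (assumed) must also be carried on the L2 link between the
! two 6509s so hosts behind either switch can reach the active member.
interface GigabitEthernet1/1
 description link to ASA redundant member (assumed port)
 switchport
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 no shutdown
```

`show interface redundant1 detail` on the ASA lists both members and marks which one is currently active, which is the check to run after pulling one uplink during failover testing.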

Author Closing Comment

by:chipsch
ID: 36716498
I actually just found that yesterday, but thanks for tracking that down anyways. Only unfortunate part is that it is only supported on the 5510 and above. We also have some 5505s that will have to be worked out.
LVL 7

Expert Comment

by:Ironmannen
ID: 36719882
Thank you for the points, but I would be glad if you changed it to a split since jmeggers mentioned redundant interfaces as a solution...
and of course you are right with the problem of using 5505 in a corporate environment since they are mainly for SOHOs with their limited features
Cheers!

Author Comment

by:chipsch
ID: 36814322
Just saw that and thanks for pointing that out about Jmeggers. Is there any way a mod can adjust that or reopen this question so I can adjust it?