denver218
asked on
Implementing a second ASA5510 for an Active/Standby Configuration
Attached is my current network layout. I am adding a second ASA5510 to my network to achieve active/standby failover. Looking at my network diagram, it looks like I'm going to need to add a switch between the router and the ASA for me to be able to add the second ASA. The bad news is I don't have another switch. I tried to create a second VLAN on the Cisco 2950 (LAN switch), so essentially I would have a private VLAN (vlan1) and a public VLAN (vlan2). The problem is that since a 2950 switch is an L2 switch, I can only have one active VLAN at a time. Does anyone know of a creative solution to achieve my goal of ASA Active/Standby using my current equipment? Please let me know if you need additional information.
ASKER
Here is the "show version" from my switch:
Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA1, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Mon 12-Jul-04 08:18 by madison
Image text-base: 0x80010000, data-base: 0x8055C000
ROM: Bootstrap program is C2950 boot loader
Switch uptime is 2 hours, 25 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA1.bin"
cisco WS-C2950G-24-EI (RC32300) processor (revision H0) with 20873K bytes of memory.
Processor board ID FOC0852X117
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0F:28:A5:2F:40
Motherboard assembly number: 73-7280-05
Power supply part number: 34-0965-01
Motherboard serial number: FOC08032BMX
Power supply serial number: PHI0751066E
Model revision number: H0
Motherboard revision number: A0
Model number: WS-C2950G-24-EI
System serial number: FOC0852X117
Configuration register is 0xF
Here are the switch configurations. When I do a "no shut" on vlan 2, vlan 1 shuts down; if I do a "no shut" on vlan 1, vlan 2 shuts down.
Switch#show run
Building configuration...
Current configuration : 1533 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable password cisco
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
description LAN
ip address 172.19.0.50 255.255.252.0
no ip route-cache
!
interface Vlan2
description WAN
ip address x.x.223.100 255.255.255.224
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
!
!
end
can you post a sh vlan? did you go into vlan configuration mode?
Switch# vlan database
Switch(vlan)# vlan 2 name internet
Switch(vlan)# exit
ASKER
yes, I did. It looks like you can configure multiple VLANs on a 2950, but you can't have more than one VLAN active at a time. I just found this:
https://www.experts-exchange.com/questions/22153401/Cisco-2950-Switch-Vlan-issue.html?sfQueryTermInfo=1+10+2950+30+cisco+multipl+switch+vlan
Oops my bad, I have 2960's :) Get a switch :(
you can only have one VLAN with an IP address, you can have multiple VLANs without addresses
the VLANs don't need to be "active", just configured and then ports configured with that VLAN as an access port
the VLAN can be in a "shut down" state as it is only working at L2
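The layout ArneLovius describes, written out as an added example for the asker's 2950 (this is not configuration from the thread, from Cisco's documentation, or from the asker's switch). It keeps the asker's existing port assignments (Fa0/22-24 in VLAN 2) and assumes the port roles given in the comments: the router's LAN-side port and both ASA outside interfaces plug into those three ports, while both ASA inside interfaces plug into any VLAN 1 port. The ASA-to-ASA failover link is assumed to be a direct cable between the two units, which the thread does not describe.

```cisco
! Added example (not from the thread): one 2950 carrying both the LAN (VLAN 1)
! and the router<->ASA outside segment (VLAN 2) for ASA active/standby.
! Assumed port roles: Fa0/22 = router LAN port, Fa0/23 = ASA1 outside,
! Fa0/24 = ASA2 outside. ASA inside interfaces go to any VLAN 1 port.
!
! 1. Define VLAN 2 at layer 2 (same result as the 'vlan database' form above).
vlan 2
 name WAN
 exit
!
! 2. Put only the three outside-segment ports into VLAN 2 as static access
!    ports. Static access plus nonegotiate means the port never tries to
!    become a trunk, so LAN traffic in VLAN 1 cannot reach this segment.
interface range FastEthernet0/22 - 24
 description outside segment: router and both ASA outside interfaces
 switchport mode access
 switchport access vlan 2
 switchport nonegotiate
 spanning-tree portfast
 exit
!
! 3. Keep the single management SVI on VLAN 1 and give VLAN 2 no address.
!    A 2950 brings up only one SVI, but VLAN 2 still forwards frames at L2
!    with its SVI shut down, which is all the outside segment needs.
interface Vlan1
 description LAN (management)
 ip address 172.19.0.50 255.255.252.0
 exit
interface Vlan2
 description WAN (no SVI needed; L2 only)
 no ip address
 shutdown
 exit
end
!
! Verification: VLAN 2 lists as 'active' with Fa0/22-24 as members even
! though interface Vlan2 stays administratively down.
! show vlan brief
! show interfaces status
```

Two design points worth keeping in mind when reusing the LAN switch this way. First, the one 2950 now sits in both the inside and the outside path, so a switch failure takes out both paths at once and the ASA pair cannot fail over around it; that is the trade-off for not buying a second switch. Second, keep VLAN 2 limited to exactly the router and the two ASA outside interfaces, and leave `interface Vlan2` without an address, so the switch's own management plane is reachable only from the LAN side.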
ASKER
ArneLovius, so do you believe I can get Active/Standby failover to work properly by just creating another VLAN and using the equipment I already have? Do you see a need for a switch between the Router and ASAs? Thanks
ASKER CERTIFIED SOLUTION
ASKER
Thanks ArneLovius. So looking at my network diagram, you're saying I could just use the existing switch that sits on the LAN, but create another VLAN that is not active, and it should work? I will test this. Thanks for your help.
yes, you have it exactly
ASKER
Thanks. I did test, and it worked. Thanks for your help.
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swvlan.html#wp1120649
Shareef